History log of /frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
f7e966c32685b040c55b3b21510a1fa463b2eff9 29-Jul-2017 Svet Ganov <svetoslavganov@google.com> Add a missing null check

Test: manual

bug::62755026

Change-Id: Icf719d0e62986febd4d31f22be3e59d83c8e6e09
(cherry picked from commit 0ae9570c9925603a04d5a78775a68cc9d437542b)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c9935cbce48c19b403eb479590dd9a1a2e01aaab 28-Jul-2017 Svet Ganov <svetoslavganov@google.com> Handle case for missing permissions - fix NPE

Test: manual

Bug:62755026

Change-Id: Ie4dddffdb055f6084d9420ae94d0de2a61574bd8
(cherry picked from commit 39cc33f192d528f250818446ea0418aaf0cfe41f)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b7f74b73eb46eff08c17e8e84133f5f224228c21 28-Jul-2017 Svetoslav Ganov <svetoslavganov@google.com> Report permission flags for all protections based on SDK

We added a couple of protection flags that also apply to
normal and dangerous permissions. These flags are folded
in the protection level breaking apps that directly and
compare against the protection constants. Apps that target
older than O SDK don't get protection flags folded into
the protection level.

Test: All permission tests pass
Added a new test to ensure no protection flags reported
for normal and dangerous permissions

Change-Id: I87b10a7695d8ecfa7156525d6f3d101fc0639513
bug:62755026
(cherry picked from commit adb8c522a84b5c7531b009b7a8d4c854ca7dee08)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0ff02be69d9fe57df60eb12af25dd0c56e76b2f4 26-Jun-2017 Todd Kennedy <toddke@google.com> Filter instant apps with different names

ag/2447596 introduced a regression that caused instant apps to be
made visible to one another.

Change-Id: I5db9a43f05dd5bec991cc0934b1c9a9406dfade6
Fixes: 62998487
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
(cherry picked from commit 1dfb21b673471aa8780e2b44b362a70f4675cb49)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fbc344172bedab606bc059bafc1d4b13ca97c3a3 26-Jun-2017 Todd Kennedy <toddke@google.com> null check before dereference

Change-Id: I6ae219b68920c160e104b307f60802fd75e705ce
Fixes: 62908319
Test: Manual
(cherry picked from commit 7833e7c5cb628bbf634f8771e00a896a91d43403)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16503a8f7e983178356f0c4bbbdaf71037e13a40 23-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow any app to dynamically install a split" into oc-dev
739af1876b6d1cb3b7c36742a8d2de495687c27e 22-Jun-2017 Todd Kennedy <toddke@google.com> Allow any app to dynamically install a split

Any application starting an activity resolved to a dyanmic split
should initiate split installation. Previously, only the application
defining the split could start installation of the split.

Bug: 62872325
Test: Manual; install instant app and start intent using 'adb shell am' and see that dynamic split installation occurs
Change-Id: I232dc5df82fb2c04653015a4a6b9f07c9e382205
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
88f98985d5863cd4a3a1695648482be63c8c73bc 21-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow Instant Apps to call getPermissionControllerPackageName" into oc-dev
03f85fef7f80e2faa8ee8f452195d42158d3376e 21-Jun-2017 Chad Brubaker <cbrubaker@google.com> Allow Instant Apps to call getPermissionControllerPackageName

This is needed for requesting permissions to work.

Bug: 62791664
Test: Requesting a runtime permission doesn't crash the app
Change-Id: If18ac8e4c903f3804ec24df39d169fa9145f449e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
324c41ba890f1ee5bacfc01b869f084206b5187e 21-Jun-2017 Svetoslav Ganov <svetoslavganov@google.com> Merge "[DO NOT MERGE] Support native shared libs" into oc-dev
f8579581c1d6bf993f26d21aefca410ac9b6706b 17-Jun-2017 Svet Ganov <svetoslavganov@google.com> [DO NOT MERGE] Support native shared libs

Add the shared libs that are APKs to the native library
path when creating application class loaders. Also don't
allow shared libraries hosting native libs to request
extraction of the native libs out of the APK. Lastly,
shared libraries hosting native libs must be declared
as multi-architecture.

Test: CTS tests in this topic

bug:62720360

Change-Id: I0a398593ebe41b2976cb706ca8a388005f5aec83
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
65ffdba7f7d817bf015e649735ed227471d30788 18-Jun-2017 Todd Kennedy <toddke@google.com> Merge "Track both framework and app overlays per package" into oc-dev
560830c9f06d07d97055426420709733571ca05b 16-Jun-2017 Todd Kennedy <toddke@google.com> Track both framework and app overlays per package

Always bundle framework and app overlays. The old implementation, where
framework and app overlays were tracked independently, lead to an error
in the following scenario:

1. Enable app overlay -> change reflected in app
2. Enable framework overlay -> error: no change reflected in app
3. Disable app overlay -> change reflected in app, including framework
overlay

This change also leads to better architecture since the package manager
no longer needs to know that an app's overlays consist of both framework
and app specific overlays. Instead, that knowledge is handled by the
overlay manager.

Also, correct indentation in "cmd package dump packages" output and
remove obsolete constant DUMP_ENABLED_OVERLAYS.

Test: Manual
Change-Id: I707fc00052a15b22fb8c17e6155732520e6b2e52
Bug: 62680061
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5d969b9862aefa3ddd8160f12829c22bc86de131 16-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "enable/disable dexopt for instant apps remotely" into oc-dev
627fbf8157469c29b90fe0160d64053e6776bd64 16-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "don't block uninstall of unknown packages" into oc-dev
133c5da0d972ff8f1676890679f478aa30e08dfd 15-Jun-2017 Todd Kennedy <toddke@google.com> enable/disable dexopt for instant apps remotely

Change-Id: I997b8ae515f7bf2570edca4ed7ab4b46198148a5
Fixes: 62591398
Test: Manual; install instant app and see that it doesn't dexopt
Test: Manua; update gservices flag, install instant app and see that it does dexopt
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a708300441729c9f55d53ee12bf81e3cf8245367 15-Jun-2017 Todd Kennedy <toddke@google.com> don't block uninstall of unknown packages

If a package can't be found because it's not installed or it's
been filtered due to lack of visibility, don't claim the uninstall
should be blocked.

Change-Id: I932b77cea5749e5964ca626558bef51cdfdfd17b
Fixes: 62450984
Test: Manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
508a5bade66d5ecf7559cf6644c4ad7f29591f46 14-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Save overlay paths as user state" into oc-dev
b274947dfb03f04872546774af0f8770ade5bed7 13-Jun-2017 Todd Kennedy <toddke@google.com> Save overlay paths as user state

Instead of maintaining a separate structure just for overlay
paths, store them as user state in the package setting. Also
centralize updating the overlay paths to avoid issues with
inconsistent updates.

Fixes: 36561125
Test: Manual
Change-Id: Iac1c987e8650074dbc564e332d5da1950fad6ac5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
66c2b228277a2e45bd276abc0c48fbeb4854f312 08-Jun-2017 Chad Brubaker <cbrubaker@google.com> Remove stopship workaround for instant app targetSdkVersion

Instant Apps will need to target O and the v2 security sandbox. Replace
the hack that silently upgrades them with an error.
Test: cts-tradefed run commandAndExit cts-dev -m
CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Fixes: 62444631

Change-Id: If28602924f38c78c06a23efb7e28c8f17528c4cf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3834421c96ec503eff36e3eedceb7a06558a2a40 08-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge changes Iea24e5a1,If71385bc into oc-dev

* changes:
expand who can uninstall an instant app
Final changes to protect the API surface
dacdf2e978e4e293f381952b7d96969c86e571aa 08-Jun-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Passing callingUid to internal methods" into oc-dev
18211fd8f6ff4a70a4b8b16fab642783d536102b 06-Jun-2017 Todd Kennedy <toddke@google.com> Passing callingUid to internal methods

Sometimes callers want to clear the calling identity [to avoid permission
calls]. In this case, allow passing the original calling identity to
internal methods.

Test: Manual; create profile account and observe launcher still works cross profile
Test: bit FrameworksServicesTests:com.android.server.pm.ShortcutManagerTest{1..10}
Change-Id: I73f8ad4b2dc1895227c3fcb14f3f1f18f600562f
Fixes: 38349978
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
96a7326d90ff083c768f2ca7334f6ece9031561b 07-Jun-2017 Todd Kennedy <toddke@google.com> expand who can uninstall an instant app

More than just those with the ACCESS_INSTANT_APP
permission should be able to uninstall instant apps.
Any uid that can see instant apps [that includes
the shell and some others] should be able to
uninstall them.

Change-Id: Iea24e5a1cdb369bdf29e7cf5db7977db63faedfc
Fixes: 62406346
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4e4769c12051daaef0092426c81e8b7c1e594b78 02-Jun-2017 Todd Kennedy <toddke@google.com> Final changes to protect the API surface

This is it. The last set of changes to protect instant apps
from full apps.

Bug: 35871369
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual; install instant app and ensure it runs
Change-Id: If71385bcc9a5637590fbd99b0ffcd5ed8809509c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
944e6965f73065bc40d38dc4b6309f6d5b10e33b 02-Jun-2017 Todd Kennedy <toddke@google.com> Don't verify instant apps

Change-Id: I07bc45bc82d1cbd2012c4605d5ca19f2ef36d615
Fixes: 62202471
Test: Manual; install instant app, see verification is disabled
Test: Manual; install full app, see verification is enabled
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8e2cc10a893980ae1a64977392cec24372a780eb 01-Jun-2017 Todd Kennedy <toddke@google.com> Protect instant apps from full apps

Bug: 35871369
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual; install instant app and ensure it runs
Change-Id: I1835fe58256377f901db38fcc3e4c98886d799ac
Merged-In: I1835fe58256377f901db38fcc3e4c98886d799ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
06951ac74d9e74b29037b0a5d8e3b9ad85983b5b 31-May-2017 Jeff Sharkey <jsharkey@google.com> Merge "Consistent "low storage" behavior." into oc-dev
ddff807b762a8a455287abc97aea8f97b98fb104 26-May-2017 Jeff Sharkey <jsharkey@android.com> Consistent "low storage" behavior.

When answering the question "how much space is free", use the same
logic for Settings UI and StorageManager.getAllocatableBytes(). That
is, the reported free space is usable bytes plus any cached data the
system is willing to delete automatically.

This does *not* include any reserved cache space, since we don't want
abusive apps to penalize other well-behaved apps that are storing
their data in cache locations. Callers freeing cached data need to
now explicitly request defiance of the reserved cache space. (Most
callers are already doing this by using FLAG_ALLOCATE_AGGRESSIVE.)

Rewrite the core logic of DeviceStorageMonitorService to understand
this new "reserved" cache space, and to be easier to understand. It
also now handles cached data on adopted storage volumes, which had
been ignored until now. Also fix bug where we had skipped "low"
broadcasts when the device skipped directly from/to "full" state.

Bug: 38008706
Test: cts-tradefed run commandAndExit cts-dev -m CtsJobSchedulerTestCases -t android.jobscheduler.cts.StorageConstraintTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Change-Id: Icbdcf3b52775f7ada1ceaeff2f96094c8d8052f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f36d53cbfc34dcadfe156f3037bf40b4908142a8 24-May-2017 Svet Ganov <svetoslavganov@google.com> Prune unused static libs and instant apps if space needed

We are caching unused static shared libs and instant apps
(installed and uninstalled) opportunistically. If space is
needed we delete these to free up space.

Test: manual

bug:62045000

Change-Id: Id992dee5c7c6e36b8e8b81050602dbc4eeafb0f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5ded03bd46db1f223985f2624c68fae037f6adb1 24-May-2017 Svet Ganov <svetoslavganov@google.com> Compare against correct user id to determine static lib clients

Test: manual, static shared lib CTS tests pass

bug:36632264

Change-Id: I58b2787ff0b95c89f9e9bb9a005b39e3505aefcb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dc89202d1a7c6062c1a1e6a06f9878c534ab04cb 26-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Handle install time ephemeral permissions" into oc-dev
975ee1f25a58e1f5f636248c0b51851767ccc14b 25-May-2017 Sudheer Shanka <sudheersai@google.com> Merge "[PackageManagerService]:Fix system app can't uninstall apps silently" into oc-dev
ac2b5fb838ce7198def26085b5050e15d19495a4 24-May-2017 Chad Brubaker <cbrubaker@google.com> Handle install time ephemeral permissions

Normal install time permissions can still be denied to apps that are
running as Instant Apps, properly report such permissions as not
granted.

This fix isn't the perfect fix where PermissionState handles install
time permissions and Instant Apps but that fix is more invasive and
involves a lot of code change.

Bug: 37871983
Test: cts-tradefed run commandAndExit cts-dev -m
CtsAppSecurityHostTestCases -t
android.appsecurity.cts.EphemeralTest#testInstallPermissionNotGranted

Change-Id: Ie47fb92953bc5f2ff3a58a6420b1cb524cf1ed9e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1de10d6602df4ab2a7769b69a57e472920ba7fee 24-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "System installed launcher can see instant apps" into oc-dev
4d3d0352557e703cf0603131f1abd355e377e01e 24-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Filter instant <--> full app" into oc-dev
d8e7206d942ada63cd3c1bb5dff2def35033ad91 06-Apr-2017 luozhanwei <luozhanwei@xiaomi.com> [PackageManagerService]:Fix system app can't uninstall apps silently

System app in user space except Owner user can't uninstall apps silently

Bug: 62057943
Bug: 37324004
Test: manual

Change-Id: Ia168a5d757b4d8ae10fe9a82fc786626a3b5b2f7
Signed-off-by: luozhanwei <luozhanwei@xiaomi.com>
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3051caac52729c8c059eb538805f4d274a9945a5 24-May-2017 Todd Kennedy <toddke@google.com> System installed launcher can see instant apps

Change-Id: I97f791b61f9b4f7ed33305345bf3d92394b40ae4
Fixes: 38202759
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual. Create sample app that replaces the launcher to test ability to see ephemeral apps.
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d7a2c1c23bdd6547aa864e325792cd89ffde0c5e 23-May-2017 Todd Kennedy <toddke@google.com> Filter instant <--> full app

Last in the series for protecting full apps from instant apps. Still
need to make another pass at the opposite direction.

Bug: 35871369
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual; install instant app and ensure it runs
Change-Id: I3734cb154e7b952f3a9cf7c5415dffcd4de02aba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9bb5e1665748007df1393f5c9274b648163a6da9 24-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Re-pin camera odex/vdex files only if they have changed" into oc-dev
31ce3a8a56e78ecc17d9befbc64a1e529b6b78e9 23-May-2017 Calin Juravle <calin@google.com> Re-pin camera odex/vdex files only if they have changed

Test: Camera is re-pinned after
adb shell cmd package compile -f -m extract
com.google.android.GoogleCamera
adb shell cmd package bg-dexopt-job

Bug: 33168521
Change-Id: I5c5e76d1e40b6d433c9a0beba463c86f79ad437e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7210f130dbd37dc42f65ade897d6e7e5a3b445c3 22-May-2017 Todd Kennedy <toddke@google.com> Filter package manager calls

These are some of the nuanced package manager calls. These aren't
outright allowed or denied. Instead, their return value depends upon
who's calling it [eg an instant app or a full app] and the type of
application the method operates on.

Bug: 35871369
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual; install instant app and ensure it runs
Change-Id: I88b37e2c7928d5b0a7428cef53112dc193053266
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9403fa983207017339a814e7c32fc024e2cb4f41 19-May-2017 Todd Kennedy <toddke@google.com> Blanket deny instant apps from some methods

There are many methods instant apps are not allowed to call. Throw
a SecurityException if they try to call them.

Bug: 35871369
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: Manual; install instant app and ensure it runs
Change-Id: Iffdc6cd4e298fc4e1070e68abf7065369d0bed25
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5f3bd46a1a9dd4b60a460ceffb40bc3bf8e0fb7 18-May-2017 Todd Kennedy <toddke@google.com> Merge "don't dex when installing an instant app" into oc-dev
72b7b1f00162e455fab471b451fe0b3fe33cb1db 18-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Filter package related info" into oc-dev
9ba6afa31eaf84d43e3bdd6449ded56e7856e811 18-May-2017 Todd Kennedy <toddke@google.com> don't dex when installing an instant app

Bug: 38259387
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Test: install an instant app, see that it doesn't dex
Test: install a full app, see that it does dex
Change-Id: Id7dc749954d0be24bbd80da2ef0f43e39f77993e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
89b5189516d1889b34e460c8fd21ad125fa4fa0b 17-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "PackageManager: Change post-install GC request" into oc-dev
e6393c95716e5ad9bfb52931eb6e4f23f7640f01 17-May-2017 Todd Kennedy <toddke@google.com> Filter package related info

This is one of many CLs to go through the PackageManager API surface
and filter access depending upon the requested information and the caller.
In this change, we filter ActivityInfo, ApplicationInfo and PackageInfo.

Bug: 35871369
Test: bit FrameworksCoreTests:android.content.pm.PackageManagerTests
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Iaefd73f912ab1c7e1844e72625388455f783a362
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f38a1d3d2a82e20f60d7b9bcf2457d6e1edb7616 16-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Restrict access to instant app data in usage stats" into oc-dev
e943a3cbe7dd9d7f1ab977e64178730190b37755 16-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Always add the instant app installer" into oc-dev
ad623015a119efe9b63f594af9c4703f40a0c27b 15-May-2017 Makoto Onuki <omakoto@google.com> Restrict access to instant app data in usage stats

- Events are obfuscated based on whether the app was instant or not at
the time each event was logged.

- UsageStats are obfuscated based on whether each app is instant or
not at the moment.

Bug 38202133
Test: Manual test using UsageStatsTest and instant apps

Change-Id: I3c74309196b88d010d317cb0dd6749bf4624e876
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
22d8bb2ca310a929803be4c4ab99c44bc43d1a93 15-May-2017 Todd Kennedy <toddke@google.com> Always add the instant app installer

Even if we filter out an instant app because the caller doesn't
have access to it, always make sure to add the installer when
we have the possibility of an instant app.

NOTE: This does not have CTS tests since it's impossible to test
without involving the resolver. CTS tests will be added in MR1+
when we can make changes to the APIs and add the necessary methods
to mock out the resolver service.

Change-Id: I92c88eb04520c0c5e0c58db6d668ed0a0e552a35
Fixes: 38268052
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
47698882f90b762b1bc960b5f6757a120d41bb78 16-May-2017 Andreas Gampe <agampe@google.com> PackageManager: Change post-install GC request

Only run a blocking GC when updating. Otherwise, only request a
concurrent GC to clean up.

Bug: 38259387
Test: m
Test: Device boots
Test: Install works
Change-Id: Id1a0e956f26e166d927f833075bc4807f32b94f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e04765998e32dc3e098becfdfa3d19045926b541 16-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Support recursive static shared lib dependency" into oc-dev
58c99f02077d8279e88a89d8e6fe413af5692f87 15-May-2017 Svet Ganov <svetoslavganov@google.com> Support recursive static shared lib dependency

Test: Updated the static shared lib CTS tests to verify that
All static shared lib CTS tests pass

bug:35359862

Change-Id: Id4a0dabbc9d8e98962e92b6f537f6ffffa63b585
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4c25935bfea6b5df169c926b93185c042422f0ec 15-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Hadler USER_ALL when uninstalling static shared lib" into oc-dev
5ef1cefd6eaa2485fea5ed606b3b4d86374e7294 15-May-2017 Svet Ganov <svetoslavganov@google.com> Hadler USER_ALL when uninstalling static shared lib

Test: manual - cannot uninstall an lib with cross user dependency
All static shared lib CTS tests pass

bug:36632264

Change-Id: Idd11405b27ccd8cacc2a50814e1317356689b7d1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a3473413119ec44b45837110a06b97171036185 13-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add command to retrieve the instant app resolver" into oc-dev
fc157e702f7bc79a1156bb8e54efa495984981a5 12-May-2017 Sunny Goyal <sunnygoyal@google.com> Merge "Setting Session commited broadcast when an existing apk is enabled for a different user" into oc-dev
a31a74b993578573eca33ca68762a98c6f6cb904 12-May-2017 Sunny Goyal <sunnygoyal@google.com> Setting Session commited broadcast when an existing apk is enabled for
a different user

Test: Manual tests and CTS
Bug: 38204385
Change-Id: Ic3bddbc2e6070c11b11f0685077db7737f2b8849
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8e9bcec1e470ddeeb375b26bb273f4122057bd17 11-May-2017 Todd Kennedy <toddke@google.com> Remove lots of log spew

Change-Id: Ia8dbc32c72585c14f9e1a2c5364ab2663bbf97ea
Fixes: 33351736
Test: Manual; start the system and enjoy how little PackageManager spams
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c3db339987acf8d4c0f81615c53ec6ac41f94f15 12-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "System/root/shell need to explicitly ask for static libs to get them" into oc-dev
9e77977ffa4cb3c8dfa82070c20417e556fe7c8a 11-May-2017 Svet Ganov <svetoslavganov@google.com> System/root/shell need to explicitly ask for static libs to get them

Test: manual - settings no longer shows static shared libs
all shared lib CTS tests pass

bug:36632271

Change-Id: If3363059b5f5300e309b61899af8c2559af317fe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a6a73ff55aefc13a51603ad18f3e22ef77425cc3 11-May-2017 Nicolas Geoffray <ngeoffray@google.com> Merge "Handle safe mode in PackageManager." into oc-dev
79cc05a6c1cac17d96fae01efd9cbed5c733618a 10-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "If ENSURE_VERIFY_APPS is enforced, reject installation by default." into oc-dev
e9c0b24ccedcf486c253a7bc474939ee28af7bae 09-May-2017 Pavel Grafov <pgrafov@google.com> If ENSURE_VERIFY_APPS is enforced, reject installation by default.

Bug: 37738016
Bug: 37737479
Test: manually, tried to install a package when the user is still locked on an FBE device and hence verifier doesn't run as it is not crypto-aware.
Change-Id: I6d9d5dd13c8ebd49cc8e5e3381d1a04eb54f1747
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9b5a06037f80dff46218b1611862c1fd2b3df8b2 03-May-2017 Nicolas Geoffray <ngeoffray@google.com> Handle safe mode in PackageManager.

PackageManager side of the change.

bug:37929796
Test: manual OTA with a safemode app.
(cherry picked from commit d093b203f557685de33179bff0eb35ea205294a2)

Change-Id: Icee7f7174d28bed79fc2cde4c174ee002d182832
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
303c786927bd646a4ad3b8ec55683e6d6309513b 09-May-2017 Todd Kennedy <toddke@google.com> Don't require BROWSABLE

Initially we wanted to limit instant apps to VIEW/BROWSABLE
intents, but, apparently apps don't always set the BROWSABLE
category. So, allow any VIEW intent w/ a URL to resovle to
an instant app.

Change-Id: I96e25cca8abcbe89b4a227b707112184c19565c6
Fixes: 38146110
Test: Manual
Test: open go/aia-test-links
Test: click any link
Test: notice it launches the instant app directly [instead of going through the installer]
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0a3f081b228f527828f79c0beeca682de2743050 08-May-2017 Todd Kennedy <toddke@google.com> Add command to retrieve the instant app resolver

Bug: 33073536
Test: gts-tradefed run commandAndExit gts-dev -m GtsPackageManagerHostTestCases -t com.google.android.pm.gts.PackageManagerHostTest
Change-Id: I3050fb083da2f85c7226291ec5c7794ed95a13ef
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c0dd03a666467d03e140f3a43704b3f3f3f4d4b7 05-May-2017 Todd Kennedy <toddke@google.com> Create auxiliary info for local instant apps

This reverts commit a1d8051fa2317d897a6b20442177e357172e93db.

Change-Id: Ic471a4efe64406dd75cc0bf1d6464276a94347d8
Fixes: 37947648
Test: Manual
Test: Install an instant app [https://www.nytimes.com/crosswords/game/mini]
Test: Try to run installed instant app from gMail
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cfb1a95dac102bbe2dbb931df0dd60da083ee2c 05-May-2017 Bryce Lee <brycelee@google.com> Merge "Revert "Create auxiliary info for local instant apps"" into oc-dev
a1d8051fa2317d897a6b20442177e357172e93db 05-May-2017 Bryce Lee <brycelee@google.com> Revert "Create auxiliary info for local instant apps"

This reverts commit e15e7cb592a923eea029c12aa9fc144a3fbaddc0.

Change-Id: I116904fd8c2b28df7e03bc5ec2414ed67761b380
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d14e67656f61d35ca4982cbee7aa9692f35fe9eb 05-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't set the failure extra on split install" into oc-dev
d55670bcf57febb38ec2b3bac86ad86a8200b443 05-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Create auxiliary info for local instant apps" into oc-dev
253984ed8c8f39fa0aa9c5f4addf2f44f334c749 24-Oct-2016 Vladislav Kuzkokov <vkuzkokov@google.com> Store "block uninstall" flag separately from the rest of package state.

This allows to set "block uninstall" prior to installation and avoid the
inevitable race that happens when Device Policy app tries to force install and
then immediately block uninstall.

BUG=31043188
Test: Block com.chrome.beta in TestDPC. install, fail to uninstall through adb, unblock, uninstall

Change-Id: I5ffa2abcb003982eccfb77585c43b59532dd501d
(cherry picked from commit 1fff9dcb9d0a4d7224ff8aa0f39e82df0b30152c)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7dd99e3d463eb2354e5ddb0cbeed1333ec590235 04-May-2017 Todd Kennedy <toddke@google.com> Don't set the failure extra on split install

Change-Id: I2f836b5ebc9f377ae8fe0a0d4a60541dd1666011
Fixes: 37852108
Test: Manual
Test: Install and run pico blast
Test: Note that the failure extra is set
Test: Click "New" to install a split
Test: Note that the failure extra isn't set
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bca6bd2b8c45020ec19e81b19b14370e72c03df4 04-May-2017 Fyodor Kupolov <fkupolov@google.com> Merge "Use timeout for *dexopt* wake lock" into oc-dev
e15e7cb592a923eea029c12aa9fc144a3fbaddc0 03-May-2017 Todd Kennedy <toddke@google.com> Create auxiliary info for local instant apps

Change-Id: I73fc6f36f666a0f4fd538e1d3c541ce10443902d
Fixes: 37947648
Test: Manual
Test: Install an instant app [https://www.nytimes.com/crosswords/game/mini]
Test: Try to run installed instant app from gMail
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e4f36952ab2f58ba92e0a269b3a051fe9bd25b59 03-May-2017 Nicolas Geoffray <ngeoffray@google.com> Merge "Update frameworks/base to new compiler filters." into oc-dev
72dc2fa6ad572ac58344f9435f3497a9bb87859a 26-Apr-2017 Todd Kennedy <toddke@google.com> Optionally let the instant app into disambig

When a user clicks "view on web", it's not assumed this is meant to be
forever. In this case, we will adjust the instant app's verification
status so that the instant isn't automatically run.

Change-Id: I246de901dafb23159a064d205fdb614d657a99dc
Fixes: 37686922
Test: Manual
Test: 1) Install instant app
Test: 2) Set to always-ask -- adb shell pm set-app-link package.name always-ask
Test: 3) Notice that we get a disambig w/ the instant app and chrome as options
Test: 4) Set to never -- adb shell pm set-app-link package.name never
Test: 5) Notice that we don't get the instant app
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
28f2855c3dbf0c7658d7f458fabb7c01d68e6f37 02-May-2017 Fyodor Kupolov <fkupolov@google.com> Use timeout for *dexopt* wake lock

There are reports of *dexopt* lock being held for 10+ minutes, which shouldn't
normally happen on threads that are monitored by the Watchdog. Added
logging to help detecting that.

The lock is now held with a timeout of WAKELOCK_TIMEOUT_MS. It is set to a
higher value than PM's watchdog timeout for easier reading from a timing
histogram.

Test: Manual, device boots without errors
Bug: 37756892
Change-Id: Iac569474d1c95447e08fe5e9870e4518b8d22c65
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d1326526104648e7b329c02af32e432b89adfc71 25-Apr-2017 Nicolas Geoffray <ngeoffray@google.com> Update frameworks/base to new compiler filters.

Also fix a merge issue with duplicated code.

bug:34715556
Test: build and boot aosp bullhead

(cherry picked from commit be7b0d18a7d68aa79dc8256ee904f0a94767d5d9)

Change-Id: I2c716427ac10090a694ce933421e4924748b0c71
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d6c3a691ec020d5d67f2040c032043b08f6e3d2 02-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Rename to follow API council guidance." into oc-dev
f29d19610d7fe7c3b757dd6348a2bffc7e7b9435 01-May-2017 Jeff Sharkey <jsharkey@android.com> Rename to follow API council guidance.

Test: builds, boots
Bug: 37422404
Change-Id: Idcec897e775f2613805a86209615e389b63bd78d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e6b4614d88c04a3b3fb0497b5e8f6b4c359f6f2d 01-May-2017 Svetoslav Ganov <svetoslavganov@google.com> Addess API council comments

Test: manual

bug:37322491

Change-Id: I2017e667c5452c7ef7c56ec19c594e685700b33a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0ddca92018da69e7224b63cdedbf1944c63ddc34 28-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow system apps to define ephemeral permissions" into oc-dev
dc326a883efa75c4071284db2cdb48275e68b0f7 28-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Apply static RRO when parsing Android manifest of a target package" into oc-dev
30dc2a08667d56fdd3eecdcb70abec1b28d821f4 11-Apr-2017 Jaekyun Seok <jaekyun@google.com> Apply static RRO when parsing Android manifest of a target package

This CL creates idmaps for static RROs right before parsing a target
package. Those idmaps will be used to parse correctly the Android
manifest of the target package.

Later, OverlayManagerService will update each idmap with the correct
gid from the target package app id.
Note that the idmaps generated here will be used by OverlayManagerService
as well until they are outdated (http://ag/2127839).

Additionally a target package should be parsed again if its overlays are
updated to apply the changes.

Test: building succeeded and tested with sailfish-userdebug.
Bug: 37179531

Change-Id: Ie0d5e92ae6e06b2d377ebd4cfdb0a8519b49a944
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
38b58abaac77c4237cf3ac1e6ef047151bf243f2 28-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "add 'changes' cmd to dumpsys" into oc-dev
ffa07d2a8fc6ccf742a30de2041115a428f3ff8d 28-Apr-2017 Chad Brubaker <cbrubaker@google.com> Allow system apps to define ephemeral permissions

Test: manual
Change-Id: Ib21c48348d0d3e84fe9d913960443cdbec0bdc8b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a50f89ffeb9cc5d87cc71079d01279ea57bc044a 27-Apr-2017 Todd Kennedy <toddke@google.com> add 'changes' cmd to dumpsys

Bug: 37714054
Test: Manual; adb shell dumpsys package changes
Change-Id: Ibab209f80da7ac588bae54c3226305a95306cd7c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
301663a61bda0e2eb863d6518de882cf805abcf7 27-Apr-2017 Makoto Onuki <omakoto@google.com> Merge "Change IMPORTANCE_PERCEPTIBLE_DEPRECATED to IMPORTANCE_PERCEPTIBLE_PRE_26" into oc-dev
a9d0e6b2053643a092d63dfa1671dd9e18a9529b 27-Apr-2017 Chad Brubaker <cbrubaker@google.com> Merge "Allow apps to provide the Instant App installer extra information" into oc-dev
e92f79450a0e3a55586eb2992577d09fc997761a 26-Apr-2017 Makoto Onuki <omakoto@google.com> Change IMPORTANCE_PERCEPTIBLE_DEPRECATED to IMPORTANCE_PERCEPTIBLE_PRE_26

Also make sure to return the legacy value from
RunningAppProcessInfo.importance.

Bug: 37636026

Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l INFO -m CtsAppTestCases -t 'android.app.cts.ActivityManagerTest#testGetRunningAppProcesses'
Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l INFO -m CtsAppTestCases -t 'android.app.cts.ActivityManagerTest#testGetMyMemoryState'
Test: cts-tradefed run cts-dev --skip-device-info --skip-preconditions --skip-system-status-check com.android.compatibility.common.tradefed.targetprep.NetworkConnectivityChecker -a armeabi-v7a -l INFO -m CtsAppTestCases -t 'android.app.cts.AlertWindowsTests'
Change-Id: Ie04e4dfa40c28ea391ae5ce3c769c6f8ee70a43d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0606861de50995e997d7c117e3bab1eb5db06da8 06-Apr-2017 Chad Brubaker <cbrubaker@google.com> Allow apps to provide the Instant App installer extra information

Apps may want to provide additional context information to the instant
app installer in order to allow the installer to make smarter choices
about the context of the launch. This CL adds a bundle to
ActivityOptions that is sent to the Installer (if an Instant App is
launched) but not to any other application if something else on the
device handles the Intent instead.

Bug: 35180854
Test: manual
Change-Id: Ifc69a420a9c68041b39acd8a4b83db8a789822a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0a4b7f5a867612fffc14cbc480da306e89ec4892 26-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add concept of implicitly exposed components" into oc-dev
6338cd815564f8bfa2e0cd27ad898b04bb9d475d 25-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Clear default-browser state when it's uninstalled" into oc-dev
c05f5d12d9a1b98221833ec0919d081a869d2486 25-Apr-2017 Todd Kennedy <toddke@google.com> Add concept of implicitly exposed components

Implicitly exposed components are those that can still be accessed
via generic startActivity() calls. However, they cannot be started
by specifying a package or component. Additionally, package info
can't be obtained if the package only has implicitly shared
components.

Change-Id: I404a4dff87559cfeee6ad78f7dcc7f5d849d6869
Fixes: b_37343345
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ade1496f967e4be96968e016d52887eadcaddd15 25-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "fix check for provider resolution" into oc-dev
53d52c8fbf814154aaa0d4209efefd4f6cb2f465 25-Apr-2017 Christopher Tate <ctate@google.com> Clear default-browser state when it's uninstalled

When the default browser is uninstalled, make sure to clean up that
bit of state in the package manager. Failing to do this was giving
the settings UI problems.

Also, don't bother twiddling intent-filter verification state around
default-browser change: that state is intentionally ignored for
browser apps anyway.

Bug 35193618
Test: manual

Change-Id: I0cedc4efdc5a7e2aa0d322e9976b68e000e6eca7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cc576cfbb4e3d63b5c01e1ad881f0b2c33d9bf28 24-Apr-2017 Todd Kennedy <toddke@google.com> fix check for provider resolution

Change-Id: I504e16463fbd58fb97a65ca74ffa38697e715652
Fixes: 37547666
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest#testEphemeralQuery
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
08896b34ac79a64956769e1125800c7f19892f25 24-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Send directed broadcast to the installer" into oc-dev
9cea1d28dd96b05cf3cb910e03ade9dfc5146745 21-Apr-2017 Nicolas Geoffray <ngeoffray@google.com> Drop REASON_FORCED_DEXOPT.

This can already be configured with the default compiler filter.

Also remove unused performDexOptIfNeeded.

bug:35794392
Test: device boots, forced dexopt works.
Change-Id: I14fc86c4783b2d7ac9cf8972b6619ba303e79659
(cherry picked from commit e103256c1fee6b53ead10efe13ca35ad270626fa)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5e756e61cfab898ce7c0d09ecd48e34856978afa 21-Apr-2017 Todd Kennedy <toddke@google.com> Send directed broadcast to the installer

The installer of record should be allowed background execution when
an application is removed/updated. The installer of record is the
installer that was responsible for installing the latest version of
the application.

Change-Id: I19ed0120975e6f75ac7e4982b21dd4785552a9e7
Fixes: 36788678
Test: Manual; install an app via 'adb' and set the installer, see that the installer gets the directed broadcast when the app is removed/replaced
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aa6b649a35072dc529c3b09bab097815fe3bff81 20-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Revert "Introduce PACKAGE_FIRST_ADDED broadcast"" into oc-dev
4b26576175ad33c204ae0cd7946f800006443712 20-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Treat the intent filter verifier app as foreground" into oc-dev
94b91dbbb899a4a1c9e5eec6cda5d7138f0a49b7 20-Apr-2017 Christopher Tate <ctate@google.com> Revert "Introduce PACKAGE_FIRST_ADDED broadcast"

This reverts commit ee3b42af3f23c37cbd2799c1527f89ac623844be.

Bug 37219124
Test: manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8ffd8f78484410fbac45480c23e803bbb0a00ec7 19-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow verifier to be optional" into oc-dev
e61b60115f3b08535ebc94e57b62ddd8a3f7de0f 19-Apr-2017 Todd Kennedy <toddke@google.com> Allow verifier to be optional

Change-Id: Ibf01e5283b744f7745e92523787abb3d31a2c813
Fixes: 37412895
Test: Manual; disable verifier and notice that the device doesn't boot loop
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb9bd09db0e9155f5291f91029a9dedbced0da17 19-Apr-2017 Christopher Tate <ctate@google.com> Treat the intent filter verifier app as foreground

Similarly to other install-time validation, its work is a direct
extension of the OS's processing of a user-initiated install action,
so it's appropriately modeled as being "foreground" work.

Bug 37502027
Test: manual

Change-Id: Ib6426fa3c7cb05c4e758ddad3356011e4753629e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d277a7b189c8807d142b69dd8d00b17978a49a5 13-Apr-2017 Chad Brubaker <cbrubaker@google.com> Change ANDROID_ID for Instant Apps

ANDROID_ID for Instant Apps now has the following properties:
1) per-app scoped
2) reset if the user clears the Instant App
3) remains the same if the Instant App gets upgraded to an installed
app.

Note that if the user goes instant -> installed_1 -> uninstall ->
installed_2 the ANDROID_ID at installed_1 will not be the same as
installed_2. This was deemed better than the id changing on the upgrade
step.

Test: manual
Change-Id: I532975c50049c94ff80902a897e001dd35a69f9f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
57ed0ba69d7f36493fc45cac66764bfeb10c6998 19-Apr-2017 Svetoslav Ganov <svetoslavganov@google.com> Merge "Address API council comments" into oc-dev
0cb43ef67b5d284f6c0afbca5a50e189355c0ab3 18-Apr-2017 Svetoslav Ganov <svetoslavganov@google.com> Address API council comments

Test: all static shared lib CTS tests pass

bug:37327970

Change-Id: Ie8c4d853da5fa0a6125b9def38831860f79ce53d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00ed0baca874e171ecb39e51edfe0ee6eb6646f2 18-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Turn down the preliminary foreground service API" into oc-dev
242ba3e997b45ec7ab5f8c40663c9044a13ad31f 15-Apr-2017 Christopher Tate <ctate@google.com> Turn down the preliminary foreground service API

The NotificationManager.startServiceInForeground() experiment is over,
and will not ship as API, so it's time to tidy up and get rid of it.

Bug 36130212
Test: manual

Change-Id: I834d1ce059aa464ff27f69f5e5d3625cc5e61d8a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e400c441c2669b7b3643d70ecc5a637ecf8d2b54 11-Apr-2017 Mike Tsao <miket@google.com> Add tests for ag/2086796

Fixes: 37192695
Change-Id: Id0b3cbf986490d64cdc5592541dee1b004853503
Test: added
(cherry picked from commit cfe4ffecceee005ff6bc79dcc1637f44f82bd43a)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e15f91276c7af4b8c064aa33518519603d494bb2 17-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix issue #35811414: Allow manifest receivers for ACTION_UID_REMOVED" into oc-dev
a138567131896ff47f17af72b82deabf8f8d9080 15-Apr-2017 Dianne Hackborn <hackbod@google.com> Fix issue #35811414: Allow manifest receivers for ACTION_UID_REMOVED

Test: booted and ran.
Change-Id: Id972da711188177ca3ac38a22efa04c5901e7d47
Merged-In: Id972da711188177ca3ac38a22efa04c5901e7d47
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
801e65905b267014f390439cf8388b6ccc854e18 12-Apr-2017 Todd Kennedy <toddke@google.com> expose the instant app installer component

Bug: 35873804
Test: TreeHugger
Change-Id: I4d962927587bb10833bfe3c3db27fdceab668fc3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
38916742040f33f821ca5381c66160bb5b25214d 13-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Filter instant app content providers" into oc-dev
117ac766a931e1893fb4a61a95670d23c409f140 13-Apr-2017 Chris Tate <ctate@android.com> Merge "Introduce PACKAGE_FIRST_ADDED broadcast" into oc-dev
1423ea3a45761eec3c98fe470373407bc3e6316f 13-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Report app data fixup and prepare timings" into oc-dev
ee3b42af3f23c37cbd2799c1527f89ac623844be 11-Apr-2017 Christopher Tate <ctate@google.com> Introduce PACKAGE_FIRST_ADDED broadcast

When an app first appears on a device, this new broadcast is issued
including to manifest receivers. The more general PACKAGE_ADDED
broadcast continues to be issued for both first install and updates,
but is not delivered to manifest receivers of apps that target O+.

Bug 37219124
Test: manual

Change-Id: I59b0a0b0dce96a909076b41280771f63e59584be
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c06c0306717d0e1fc132541127f3657e937f02f4 10-Apr-2017 Todd Kennedy <toddke@google.com> Filter instant app content providers

Only expose the correct content providers depending upon which
component defines/exposes them.

Change-Id: I283c787165e33d9515068487f83de6d28616b427
Fixes: 35871462
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e7b806e9d27ca20103cf5f4b7df32ce9bdc6aa49 12-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow instant app resolution for any user" into oc-dev
fc1bfc442cb52d4f904e6bf946f191bcf007277a 08-Apr-2017 Jesse Evans <jsje@google.com> Rename WEB_ACTION_ENABLED to INSTANT_APPS_ENABLED

Renames the instant apps setting to reflect what it is for.

Adds the SystemApi annotation to make this field visible
to the resolver and installer.

Test: existing tests

Change-Id: I1651bb101d69bdfdaa63c004435025c68a33cd8e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a1ff00157c0ba3aa7ad93d5a4695fed97e18c430 12-Apr-2017 Fyodor Kupolov <fkupolov@google.com> Report app data fixup and prepare timings

They are now reported under SystemServerTimingAsync tag, which is
tracked by boottime dashboard.

Test: manual
Bug: 37186619
Change-Id: Ib3608d7cf27012b5dab1947446fcb8d8496bbf91
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad724f61ade7b165bcbe6bbd93da62835dc8d636 11-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Rebase enabled overlays for every PackageParser.generateActivityInfo() call" into oc-dev
bf297bcf295735d186a627acbefa68f183562070 11-Apr-2017 Todd Kennedy <toddke@google.com> Allow instant app resolution for any user

Change-Id: Iaf26cfda3a8226d97eb147b0a9e62f051b33e81b
Fixes: 37215608
Test: Swtich to secondary user and see that instant apps resolve and launch
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
467ef375b73522f5b352b4be9bff786d1dc8eca0 09-Apr-2017 Jaekyun Seok <jaekyun@google.com> Rebase enabled overlays for every PackageParser.generateActivityInfo() call

PackageParser.generateActivityInfo() generates ApplicationInfo as well.
So enabled overlays should be rebased for the ApplicationInfo to keep
the overlay path info correctly.

Test: building succeeded and tested on sailfish device.
Bug: 37179769
Change-Id: I12727fd27c1d4cf37ad63b333792108a82efccd6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aedca2e55d5d5b9ebe957431b9515e3b23406565 11-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Cache mEphemeralAppsDisabled state" into oc-dev
433d68713f76a4fe0c4616d775ae90c4133105b1 07-Apr-2017 Fyodor Kupolov <fkupolov@google.com> Cache mEphemeralAppsDisabled state

Init mEphemeralAppsDisabled in systemReady when settings provider
is available.

Registered content observers for ENABLE_EPHEMERAL_FEATURE and
WEB_ACTION_ENABLED.

Test: manual triggering enable_ephemeral_feature=1/0
Fixes: 36869938
Fixes: 36895304
Change-Id: I0051c45bb209d86041b967a409f8a95967df21dc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4efa14c78449d5ef6c222256fa63edc09d91c1ff 10-Apr-2017 Todd Kennedy <toddke@google.com> send broadcast to the right users

Change-Id: Ibda2d922cd58d6ca1c1a4ecdccaa25e5c71c6320
Fixes: 37192695
Test: manual; create restricted profile and see that users haven't been removed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1fd46de245e24d7e73a9d283c1af544915e0d3bc 07-Apr-2017 Calin Juravle <calin@google.com> Merge "Check for a null packageInfo before notifying about app install" into oc-dev
d34076385d34ee4b4d4712e33d10133d08339d49 07-Apr-2017 Calin Juravle <calin@google.com> Merge "Reconcile secondary dex paths when compiling with adb shell cmd..." into oc-dev
c33cbb21e8cc3d3501fc53c45e9263274c524d85 05-Apr-2017 Todd Kennedy <toddke@google.com> change how instant app installer is updated

. only pay attention to package changes if there's no
installer or the changed package is the installer
. always update the installer component, even if the
resolved component is identical [the install paths
might have updated]

Change-Id: I16eba07ccdb55f5cb61ba6172e71ce1698445fa5
Fixes: 36740490
Test: Manually install/remove/update the installer and see that the component is updated
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
72bb1c61c57705df3b3ea7626ef408126d0817f1 06-Apr-2017 Calin Juravle <calin@google.com> Check for a null packageInfo before notifying about app install

Test: device boots (wasn't able to repro the race)
Bug: 36642664
Change-Id: Ibab3109a8605c2ff8555d3308cb96389e480cc84
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
941e9e2b38ae46e167d03f5d5d7afb9701dde88f 06-Apr-2017 Chad Brubaker <cbrubaker@google.com> Merge "Allow permissions to be runtime-only." into oc-dev
13dcd27fb54546d33fa949ec9e7b81fc973ecb88 06-Apr-2017 Calin Juravle <calin@google.com> Reconcile secondary dex paths when compiling with adb shell cmd...

Test: running `adb shell cmd package compile -r bg-dexopt -f --secondary-dex com.google.android.gms` prints no error for missing dex files.

Bug: 36895499
Change-Id: Ibde3d47121dcb2c252fe29772d8db81ea599b2d0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e7ec7ec6343b2de2e072749c5cdb710da1437880 06-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Bind with the correct action" into oc-dev
02a6b73e979e07bfd20cbaca01cb16a165c7b791 05-Apr-2017 Todd Kennedy <toddke@google.com> Bind with the correct action

While services themselves don't need an action when an explicit
component is specified, services in GMS may be different. In
the case of instant apps, the resolver service is hidden behind
a proxy that uses the action to route to the actual, implementing
service.

Bug: 36594944
Test: see that ephemeral resolution occurs
Change-Id: Id8c352614f780dc63f36c65be2ddb2d480b6846b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6746ce14819b3b153e2d20ae3d85069ae5578a9 05-Apr-2017 Todd Kennedy <toddke@google.com> don't honour domain verification for browsers

When a default browser is set, we change its domain verification status
to "INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS". This change is
global and permanent; it affects all URLs and won't be cleared by
resetting the browser's domain handling in settings.

To properly handle this, we don't pay attention to the domain verification
status for "browser" applications when we determine whether or not to
offer an instant app.

Change-Id: I1e2766e9856b0c9d3276e33a8db10195c72ae6ea
Fixes: 36978307
Test: Install firefox, start a browser intent [from command line], select chrome and choose "use always", start another browser intent that resolves to an instant app, see that ephemeral apps still resolve
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0283544c498bbc8293207ffb47662e285bf42384 05-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow background default container service in a less crashy way" into oc-dev
2952cbeb8e42558d78e5897a7f860b8b32e81e5f 05-Apr-2017 Todd Kennedy <toddke@google.com> look for old intent values

the instant app installer/resolver/setting components haven't updated
to the new values yet. Need to continue looking for the previous intent
values.

Test: boot and see ephemeral enabled
Change-Id: Id88191a4878a138fa90bbd9816805ff76665ada9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b28e1e68d2e3623d2a526654817e0d695e0a8440 05-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't broadcast PACKAGE_REMOVED for InstantApps" into oc-dev
424b03f75e98c8af4061236ef1dd2785f5608299 04-Apr-2017 Christopher Tate <ctate@google.com> Allow background default container service in a less crashy way

Turns out we run this code during early boot, before the device idle
service has even been constructed yet. Find another way to achieve
the needed service execution.

Bug 36865930
Test: manual

Change-Id: I8e3304f37c3a5ee125b73aef2b7d7c7b387aa200
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5379b05256166b7ec01da3f8776a23340fabf9f5 05-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Change name of the intent fields" into oc-dev
3daefb4b102a92fc9bf3ea9c382e8e673bb070d9 04-Apr-2017 Todd Kennedy <toddke@google.com> Don't broadcast PACKAGE_REMOVED for InstantApps

Change-Id: I7f054bbf844ad6c1b9a8aa20c5ba91cbf9a5db04
Fixes: 36444594
Test: Manual; uninstall AIA and see that the broadcast isn't sent
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
359ce10912dcf2f9ccdbb5e3dfd5afad055a25c1 04-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Offer to "fixup" GIDs used for app data." into oc-dev
2b285566a4fd99640be5f029ffa78320d265b22f 04-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Dump PackageInstaller state outside of mPackages lock" into oc-dev
d46a1604b7e95f7c04966d2961f59858651495c2 04-Apr-2017 Todd Kennedy <toddke@google.com> Change name of the intent fields

Change-Id: I67d3f5c7fb3189fdb35908011e92cc82c24b9154
Fixes: 36594944
Test: cts-tradefed run commandAndExit cts-dev -m CtsSignatureTestCases -t android.signature.cts.IntentTest#shouldNotFindUnexpectedIntents
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a5d70a17ebd1b3ffe026879c5d9d96f04d10d4f2 23-Mar-2017 Chad Brubaker <cbrubaker@google.com> Allow permissions to be runtime-only.

This adds the new runtime protection level flag that if set means
the permission can only be granted to apps that target runtime
permissions (>= M).

ANSWER_PHONE_CALLS has also been made runtime-only.

Bug: 30932767
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Change-Id: I42b30414c808730f2d5961ca31b6e3db740b8cf7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
765a1b78576c94c316bb270ee11f153f1b2fedaa 04-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix PackageManagerService passing usesLibraryFiles to dexOpt." into oc-dev
b0be09922cc7647b005c4ef657b96470fecc5ddb 29-Mar-2017 Jeff Hao <jeffhao@google.com> Fix PackageManagerService passing usesLibraryFiles to dexOpt.

The shared libraries for the package need to be updated before calling
performDexOpt so that they can be populated and passed down to dexOpt.
This isn't missing in the AOSP version, so the fix is only for master.

Bug: 36698836
Test: cts-tradefed run singleCommand cts -d --module
CtsAppSecurityHostTestCases -t
android.appsecurity.cts.UsesLibraryHostTest

Change-Id: Id58bd50a13e5115af03c9167d4eb7f4b1d1dc9da
(cherry picked from commit 1d643dabe543f3f1b7d96485d6317eece7836a4e)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aadbb7fab0cc543a3a5c998587539650169339dd 03-Apr-2017 Jesse Evans <jsje@google.com> Load IA resolver settings from resolver package

Changes the logic of getEphemeralResolverSettingsLPr() to resolve
a settings component in any of the packages whitelisted to provide
the instant apps installer.

Test: Boots

Bug: 36840581
Change-Id: Iac5e3dfa2cb97a630092212322f9c983c2d29926
(cherry picked from commit d4310934905aea48079dd5e3a590cd4e2427dcac)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
19627d678bae7aa707990c1e0122579e47ff63c2 04-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Emit fingerprints during OTA upgrades." into oc-dev
09546ff639d8838b896da2d6a27ee7d930401e1c 04-Apr-2017 Fyodor Kupolov <fkupolov@google.com> Dump PackageInstaller state outside of mPackages lock

Otherwise it may cause a deadlock.

Also removed new line before instant attribute.

Test: manual
Change-Id: I2812a6fe76c638f12728ca6850918eb3a98e3158
Fixes: 36813032
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0751546c16d1aae0632220dbaca6a29722708617 04-Apr-2017 Jeff Sharkey <jsharkey@android.com> Emit fingerprints during OTA upgrades.

Can be used to help confirm diagnosis of bugs like 34525014.

Test: builds, boots
Bug: 36795529
Change-Id: Ie2517061ef031716c493b2544b0fb95628f20737
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1566233bfdb994cd41d21ffb2615af8d0e29166f 04-Apr-2017 Jeff Sharkey <jsharkey@android.com> Offer to "fixup" GIDs used for app data.

We recently started tracking cached app data using a per-app GID for
the "cache" and "code_cache" directories and their contents. For
upgraded devices, we ideally want to "fixup" the GIDs of any existing
data while the device is still showing the boot animation, instead of
blocking the user when they unlock the device.

This fixup operation has the nice side-effect of priming the dentry
cache with all the directories that we'll be validating when unlocking
a user, so by always running fixup we speed up onBeforeUnlockUser()
from about ~540ms to ~220ms.

Test: /data/nativetest/installd_service_test/installd_service_test
Bug: 34201111, 35084485
Change-Id: If40244d0356beb11df25d3052097c3c5a90d010f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e35d50622c8387919e42b81c7b052c64decb0615 03-Apr-2017 Chad Brubaker <cbrubaker@google.com> Merge "Rename READ_PHONE_NUMBER to READ_PHONE_NUMBERS" into oc-dev
35110948b7ada496bb4bd8af2a5c9b721275f971 03-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Implement service filtering" into oc-dev
91232840aa1cebd4586ab2437243345a05f34fa4 03-Apr-2017 Jorim Jaggi <jjaggi@google.com> Revert "Temporarily bg-whitelist the default container package-cleaning service"

Causes bootloop.

This reverts commit f16e7423c79c4ccccf43265a5b1966eb8e7f7be7.
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd463121c64643557af5324a8f480677facab15b 03-Apr-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "We really want f_frsize and f_bavail." into oc-dev
dafb17e7eb9a15862ed1314dff2b82d29ad23632 03-Apr-2017 Jeff Sharkey <jsharkey@android.com> We really want f_frsize and f_bavail.

It's confusing, but f_bsize is not the value you're looking for; the
real block size is f_frsize. Fix all those bugs.

Also, the vast majority of clients are interested in the usable
disk space, not including reserved space.

Test: builds, boots
Bug: 36840579
Change-Id: Ib1470389afd49c14cab62282ec1e978ebb2c4791
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6df866a8510af2776c48425a361f708ae7f5d7d6 31-Mar-2017 Jeff Sharkey <jsharkey@android.com> Enforce PACKAGE_USAGE_STATS for usage data.

Some system services are offering package usage data through both
public/system APIs and through dump() calls. In principle, usage
data hould always be protected with PACKAGE_USAGE_STATS, so start
enforcing that. (Otherwise if a user blocked PACKAGE_USAGE_STATS
access to an app, that app could still obtain the data via dump()
if they held the DUMP permission.)

Bottom line, let's respect the user's wishes.

Protecting the entire output like this is pretty blunt, but future
CLs can add more nuance to the output if desired.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: I46173562713bea7d89e12a4313c78eb52ea8d77d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fe9a53bc45fd0124a876dc0a49680aaf86641d3e 31-Mar-2017 Jeff Sharkey <jsharkey@android.com> Consistent dump() permission checking.

This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.

Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
51b3aaccfe7f8d7a97fb1218c40a37428f26a6a1 31-Mar-2017 Todd Kennedy <toddke@google.com> Implement service filtering

Instant apps can no longer see services that haven't been
exposed to them via the visibleToInstantApps attribute.

Change-Id: I6fd78067d1253825668d67b9e17dd3a0703f5d57
Fixes: 35871716
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0c1651f2899ae3d13db005315ed3709f56ab3db3 31-Mar-2017 Chad Brubaker <cbrubaker@google.com> Rename READ_PHONE_NUMBER to READ_PHONE_NUMBERS

Bug: 35853790
Test: make -j128 checkbuild
Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases
Change-Id: I11d374cbbb6c2deaf74ac784ff995bd182fe9157
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f16e7423c79c4ccccf43265a5b1966eb8e7f7be7 29-Mar-2017 Christopher Tate <ctate@google.com> Temporarily bg-whitelist the default container package-cleaning service

Bug 35968513
Test: manual

Change-Id: Iac3e831631d279f68dec3a49d50393a4abf03088
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
474662da390937a95ed2e3b3acdae00c92be47d8 30-Mar-2017 Nicolas Geoffray <ngeoffray@google.com> Merge "Drop REASON_SHARED_APK." into oc-dev
08992ac57e973d6bf32693725ebb341a481e5944 21-Mar-2017 Christopher Tate <ctate@google.com> API refactor: context.startForegroundService()

Rather than require an a-priori Notification be supplied in order to
start a service directly into the foreground state, we adopt a two-stage
compound operation for undertaking ongoing service work even from a
background execution state. Context#startForegroundService() is not
subject to background restrictions, with the requirement that the
service formally enter the foreground state via startForeground() within
5 seconds. If the service does not do so, it is stopped by the OS and
the app is blamed with a service ANR.

We also introduce a new flavor of PendingIntent that starts a service
into this two-stage "promises to call startForeground()" sequence, so
that deferred and second-party launches can take advantage of it.

Bug 36130212
Test: CTS

Change-Id: I96d6b23fcfc27d8fa606827b7d48a093611b2345
(cherry picked from commit 79047c62b58fb0a0ddf28e2b90fe4d17e05bc528)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd181e63ff1a03aff38041e6f30e23cfa27f5c72 30-Mar-2017 Chad Brubaker <cbrubaker@google.com> Merge "Track isolated process owners" into oc-dev
2ab076f611cecb771fe546580634583a27c61aa5 26-Mar-2017 Nicolas Geoffray <ngeoffray@google.com> Drop REASON_SHARED_APK.

This reason was only used by "system shared libraries", not shared
APKs like GMS.

Code that uses this reason is now obsolete, as we do compile these shared
libraries when we see an apk that uses it.

bug:33799337
Test: m -j32 && boot
Change-Id: I2eef22797551401a5c39ed339bc2486cf0d091a8
(cherry picked from commit 86d1e9e23e79687ae94854fc6aa22c3d4ad98423)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
de0272b85c4ff1eba1c58a3cdfd53bd5eb9925ef 26-Mar-2017 Nicolas Geoffray <ngeoffray@google.com> Drop REASON_NON_SYSTEM_LIBRARY.

Dexopt them with the same "mode" as the apk we are
going to dexopt. Because we treat them as shared, this
means they are only going to be fully compiled once an app
that has it in its <uses-library> gets compiled.

bug:33799337
Test: m -j32 && boot
Change-Id: Ic93fbcf45be6b9cf31ad3a3eb498f9fbbefeb288
(cherry picked from commit 90978b4159dd1394c0643ae8171d24668fbc27a4)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
30f18587e3bf6079f910699c89f1b702664982b5 24-Mar-2017 Nicolas Geoffray <ngeoffray@google.com> Drop REASON_CORE_APP.

After ensuring apps used by system server are speed compiled
on /system, we don't need a special reason anymore.

bug:36532541
bug:33799337

Test: m -j32 && boot
Change-Id: I1fb894f0f5b796cb9d59ed01a4afb2709c0f5496
(cherry picked from commit b70e4bfe0776a3446ccfddd5a10b1ff155f60e34)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0f28a80d8e80a3546fe0776999b2deaa3dc2157c 29-Mar-2017 Chad Brubaker <cbrubaker@google.com> Track isolated process owners

This fixes two issues:
1) Isolated processes spawned by Instant Apps do not get full access to
package lists as those spawned by normal apps do
2) Package manager considers the isolated process the same app as the
Instant App that created it when determining what packages are exposed.

Bug: 34087569
Test: Webview works
Test: Isolated apps cannot access package info of other apps via start
an isolated service.

Change-Id: Ib26280b87fb46dc66f1f25ee6209427a095342b0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
61ae34afe3473909f5e6f0d90a889757d99ea12f 28-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Intercept direct launch of instant app installer" into oc-dev
b21be12d9db5d0d85afa26e401813eaa360bd2e0 24-Mar-2017 Todd Kennedy <toddke@google.com> Intercept direct launch of instant app installer

The instant app installer is not designed to be launched directly
by 3p apps. Instead, intercept the launch and make it look like
a "normal" instant app launch.
cherry-picked from I89c9b8c56865e260a2b92f8c2312a305a74f9cf5

Bug: 33073524
Test: Built and notice poorly behaving apps [*cough* keep *cough*] now launch instant apps
Change-Id: I5401aa8423042f54f1478409065b0d6b25cebe89
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
336ae5b6161454304ef09be715505007c7a7da56 24-Mar-2017 Chad Brubaker <cbrubaker@google.com> Add ACTION_EPHEMERAL_RESOLVER_SETTINGS

This Intent will be used in Settings to show the settings UI for the
Ephemeral resolver. Settings can get the correct component to send the
Intent to by calling
PackageManager.getInstantAppResolverSettingsComponent

Bug: 35918998
Test: Boots
Change-Id: I0edcf85704f2c19e0ee27f91b6ef057d52e32778
(cherry picked from commit aa49cb86e6d5f23d82c97db32c848bc4ea2b81bc)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4b0aa4db3a0d8101293832dd554b53cb8a0114b9 24-Mar-2017 Fyodor Kupolov <fkupolov@google.com> Use resolved ActivityInfo to set instant app installer

Previously we were only using the component name, which is not always
enough.

Now the resolved ActivityInfo is used and only 'flags'/'exported' and
'enabled' attributes are modified.

Test: Manual
Bug: 34751853
Change-Id: I32a2a2bd98cc5d73ab02ccfc100868b826bb8105
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e219aaae85bc8749b787d27fa9fd741035f7f17f 23-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Delete preloadsFileCache when the cache has expired"
935618a2c5d8e776a1372473e6355c65f0570414 23-Mar-2017 Fyodor Kupolov <fkupolov@google.com> Delete preloadsFileCache when the cache has expired

Added deletePreloadsFileCache that can be called from settings app.

Modified freeStorageAndNotify to call deletePreloadsFileCache if the
cache has expired, or aggressive flag is set.

Bug: 34690396
Test: Manual
Change-Id: Ia097cd2f62ad501644be1c2cc573c249d8cfbf55
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
749b26abe58f63bd8a9234215bf852fa8391db5a 23-Mar-2017 Todd Kennedy <toddke@google.com> Allow the Instant App installer to be dynamic

Change-Id: I58e81f5f473ac1cffb8947cd713bb1249ce00305
Fixes: 33072933
Test: add/remove/update the instant app installer and see that it changes dynamically
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fbd54b42637641dfaafb9ffff6f6ffc8701e4e24 23-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Revert "Allow the Instant App installer to be dynamic""
829ea130bf9c3bdea6143f2c46f8145a1549d294 23-Mar-2017 Esteban Talavera <etalavera@google.com> Revert "Allow the Instant App installer to be dynamic"

Breaks work profile creation among other multi user issues

Bug: 36530935

This reverts commit 85942c2bc69385eb326cfe0e15ad9223bf1cffb5.

Change-Id: I0b5901a02ca590b7e8121aa8babe5b1c5819eca7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb92c738dfde66468cec1ea460566bf7bd9f0935 23-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix launching installer on missing split"
40199e3d4c5c8cd0cfee9590eea89b1359e8b88e 22-Mar-2017 Todd Kennedy <toddke@google.com> Fix launching installer on missing split

Bonehead mistake; we were applying the post-resolution filters twice.
Don't do that!

Test: build and see that the installer runs when trying to launch a split that's not on the device
Change-Id: Ice65cdd7cc85d0394422009ba42f388f0ec2595c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab2bc07e5fcf2797c165890109016af0ee314e46 22-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Prevent downgrade of targetSandboxVersion"
9a4b2ab18cc54d954f6d6a3981af10ec13acbb0b 22-Mar-2017 Todd Kennedy <toddke@google.com> Merge "Allow the Instant App installer to be dynamic"
85942c2bc69385eb326cfe0e15ad9223bf1cffb5 21-Mar-2017 Todd Kennedy <toddke@google.com> Allow the Instant App installer to be dynamic

Change-Id: I4f8e341dd3cb993099cdcf170141aef37a62604b
Fixes: 33072933
Test: add/remove/update the instant app installer and see that it changes dynamically
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6f4b2a3039ac353e1b0bcebfdebba5060ad38cf3 21-Mar-2017 Jeff Sharkey <jsharkey@android.com> Shame developers that are calling hidden APIs.

Test: builds, boots
Change-Id: Id3edf1a7890f7dbc4cff2a2699bbeabc247c6e90
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf2c279a2320de6d81f7fffa4ddfd9780abe1e20 18-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add TRON logs"
072082d617832d476a59a47d26478b6cdc8ba361 18-Mar-2017 Calin Juravle <calin@google.com> Merge "Compile secondary dex files according to REASON_BACKGROUND_DEXOPT"
50d946c13a5a47c6617530425479b0ad4f381700 17-Mar-2017 Todd Kennedy <toddke@google.com> Add TRON logs

Add logs for instant app resolution [both phase 1 & 2]
as well as new logs for all activity starts.

Change-Id: I0d25daa383854eacd3bc406ce1360d819a8ec4ba
Fixes: 35442251
Fixes: 35441725
Test: Manual; install/run instant app and inspect the event logs for appropriate tags
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c10a61a97afb889553f7a7a209ac59a580964fb 17-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow Instant Apps access PackageInfo of exposed apps"
06ca1e08739fb2df62327293a6222f541639642d 17-Mar-2017 Chad Brubaker <cbrubaker@google.com> Allow Instant Apps access PackageInfo of exposed apps

Instant Apps can only see apps that explicitly expose a component via
android:visibleToInstantApp.

Bug: 34087569
Test: cts-tradefed run commandAndExit cts-dev -m
CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ibcba43597f545966abc883e90008369fb20d61ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a70b1b120365976f5eeb7cb3f577f5f6ff7ad18e 10-Mar-2017 Calin Juravle <calin@google.com> Compile secondary dex files according to REASON_BACKGROUND_DEXOPT

Test: adb shell cmd package bg-dexopt-job works for sercondary dex files

Bug: 32871170
Bug: 26719109
Change-Id: Iaee8071449c83e774b2fe331aaccfc5433856f4f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4fd6eb6192d4eba6809fee8f35dd0afe6a24ddbc 16-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Avoid trying to grant non-ephemeral permissions to instant apps"
91d40f1baa2eeed2aa68d2492e20650d5e71dab5 16-Mar-2017 Calin Juravle <calin@google.com> Set pm.BackgroundDexOptService as the source of true

The real dexopt maintainance job is
com.android.server.pm.BackgroundDexOptService, and not
com.android.server.BackgroundDexOptJobService

Partial revert of commit 096d304ae3d85c1bfcda1a1d9cd4eb13d0815500.

Test: manual inspection
Bug: 36140426
Change-Id: I983ac91117f107282095fa7eefdbce08e0dcfce3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
64814139ada90b09ce85c3c71ffd6df99133e5e5 16-Mar-2017 Chad Brubaker <cbrubaker@google.com> Avoid trying to grant non-ephemeral permissions to instant apps

Fixes: 36272655
Test: `adb install -g --ephemeral` does not crash if an app requests a
non-ephemeral permission

Change-Id: I18a6fa7697528a2a35b42e36f7010b687be23f73
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ade616eb7f9083e51388edab31e9eb8bfdb5dae7 15-Mar-2017 Andreas Gampe <agampe@google.com> Merge "PackageManagerService: Fix ABI adjustment logging" am: 844be62eef am: 0c662c0ac0
am: 77ede7ab80

Change-Id: Ie2133c4e8e5abfd6979ba5c03c8d347985a5dcb4
77ede7ab806cb76caeefb62598a8ae11896f3c56 15-Mar-2017 Andreas Gampe <agampe@google.com> Merge "PackageManagerService: Fix ABI adjustment logging" am: 844be62eef
am: 0c662c0ac0

Change-Id: Idaa8ce7b31fb7921877462d0cf98d6d9fd4e1ae8
0c662c0ac00551e0cfa3ac3aa01be1be6b2f5ed7 15-Mar-2017 Andreas Gampe <agampe@google.com> Merge "PackageManagerService: Fix ABI adjustment logging"
am: 844be62eef

Change-Id: I35f0affaef73033c37798eba41dfc1b992187176
108c7737dae7c9137a0966004285c99bb24e7f9b 15-Mar-2017 Andreas Gampe <agampe@google.com> PackageManagerService: Fix ABI adjustment logging

Fix logging of "Adjusting ABI" to be tolerant to null
packages.

Bug: 36172429
Test: m
Test: manual
Change-Id: Ic6b9a8e09e58dce6be97e464fe3986c709f820de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be4cf58436437da3bf78c48eeb401a5416459f95 15-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add API to mark apps that have an update available"
ab53289c593aad60eddbe1ffc73402ac1f92c112 08-Mar-2017 Todd Kennedy <toddke@google.com> Add API to mark apps that have an update available

Ostensibly for instant apps, we allow play to mark an app as having
an update available. This will trigger instant app resolution even
if the instant app is already installed on device.

Bug: 35143464
Test: Manual; launch URI of installed instant app, see it runs w/o resolution. set bit. launch URI of installed instant app, see it runs resolution
Change-Id: I511df2b2a3eab39377167c770255ccbe02d5dad2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e730ae877a24d44f5b3db096f08b0a2d7399aa2d 15-Mar-2017 Jeff Sharkey <jsharkey@android.com> Enable cache clearing v2 logic, fix bugs.

Now that we have CTS tests to verify the cache clearing v2 logic,
we're ready to enable it!

Switch storage APIs over to "usable space" to match implementation
down in installd. Add a missing clearCallingIdentity(), and offer
better logging for missing appop permission.

Load quotas from disk right away at device boot instead of waiting.

Bug: 35685848, 35684969
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Change-Id: I8167e0322b4662ca6c975da5c50715e2d71332a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5f3e93451e87d72c513e75c5d5459a4bd2cc41b2 13-Mar-2017 Jeff Sharkey <jsharkey@android.com> Lower-overhead version of LockGuard.

Instead of building up a giant set of all locks inside the system
server, there are only a handful that we're interested in watching:
specifically those below the ActivityManagerService lock.

This change adds a index-based variant of lock registering and
checking, which has much lower overhead that doesn't bring a device
to its knees. It's disabled by default, but can be enabled on local
development builds.

Currently uses the boostPriorityForLockedSection() hook in AMS to
check for lock inversions when enabled.

Test: builds, boots, no AMS lock inversions detected
Bug: 35410906
Change-Id: I473d634d23c08538029412a1254bf4f92b96fb84
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bc9caa1a2a38e23f7a6b61bcda81b5759e45ec66 12-Mar-2017 Jeff Sharkey <jsharkey@android.com> Switch RescueParty to PMS.logCriticalInfo().

When RescueParty is triggered, we could end up in recovery before a
bugreport can be taken. To help understand why RescueParty was
triggered after the fact, this change switches a handful of critical
log messages to use PMS.logCriticalInfo().

These logs then go into our persistent log on disk, which is also
included in all future bugreports.

Bug: 35805331, 36033178
Test: builds, boots, forced crashing recorded in persistent log
Change-Id: Ic71206b25c4b0b703e464ff1d07c5e0b31549257
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
40d3de36ba0936e1113804a2e8084641ceff5902 10-Mar-2017 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime am: fe430be9f1 am: 903102fa54 am: 33f5a3ccb3 am: 4682420d59
am: 52fc40c21c

Change-Id: I015615df364706be928680209135cc3f23aed8f7
52fc40c21cb120eb1e1d3e7ef909b4255b5e2867 09-Mar-2017 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime am: fe430be9f1 am: 903102fa54 am: 33f5a3ccb3
am: 4682420d59

Change-Id: I2855b5a4f566006fe08eac46b9eb78a8662c915e
4682420d59b8caae8b324f906126410d6706f0b9 09-Mar-2017 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime am: fe430be9f1 am: 903102fa54
am: 33f5a3ccb3

Change-Id: Ie8690c9aa675fc06faec8b8da878030e1dccb4d7
33f5a3ccb382e66d1e1c95469782e388a44f51d3 09-Mar-2017 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime am: fe430be9f1
am: 903102fa54

Change-Id: I5035132d971ab163c20ad036851830d8abdc8137
903102fa54aaa20d3969f90426512d09adb69f09 09-Mar-2017 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime
am: fe430be9f1

Change-Id: I7c41e88f49738d927a5c0233b9702b36d2ca7282
fe430be9f102893c95258cc81589df132b7d02b3 29-Dec-2016 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't allow permission change to runtime

Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.

Test: Added a CTS test which passes.

Bug: 33860747

Change-Id: I1ccf546f78ee79ff027cb98124be81c8e5265a82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
34573b289f03d29aa4da114a33c5584856da412d 08-Mar-2017 Chad Brubaker <cbrubaker@google.com> Prevent downgrade of targetSandboxVersion

Bug: 34761192
Test: manual
Change-Id: I0a17006156213ebbc748a37bc5b4ceaa8cc8dd94
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e6306c485f0d43ce094a708c76bb9f5ea9703fd3 08-Mar-2017 Jeff Sharkey <jsharkey@android.com> Throw at getPackageSizeInfoAsUser() callers.

But only when targeting O; if they're old apps then log and pass
a soft failure message to their callback.

Test: builds, boots
Bug: 35749102
Change-Id: I6c6b5a37c23669e7b1ed3c30207bca610821eb1f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4f459b85d414ef163dd1233af4b1700a5afd4fe7 08-Mar-2017 Jeff Sharkey <jsharkey@google.com> Merge "Revert "Throw at getPackageSizeInfoAsUser() callers.""
dd3adc339808ebb5eb2d1e73a8b0a0bd09f9455a 08-Mar-2017 Tony Mantler <nicoya@google.com> Revert "Throw at getPackageSizeInfoAsUser() callers."

This reverts commit 597c93454699eaed99d6b417080417d75777e72d.

Change-Id: I7d966ef973050ef791403062774fd7f576a65388
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ad75b0541d824bea1a7314092b27b94b5a85a9c 08-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Throw at getPackageSizeInfoAsUser() callers."
597c93454699eaed99d6b417080417d75777e72d 08-Mar-2017 Jeff Sharkey <jsharkey@android.com> Throw at getPackageSizeInfoAsUser() callers.

But only when targeting O; if they're old apps then log and pass
a soft failure message to their callback.

Test: builds, boots
Bug: 35749102
Change-Id: Ifecf7108397444e88763f404a4b5f3fdc48443bb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b1818b8a36868675b06d080abe7c5b46f4271a85 07-Mar-2017 Calin Juravle <calin@google.com> Merge "PackageManager: Clean up code related to foreign dex use"
am: eef66fd0c7

Change-Id: I443f001c15daddd63a17685c2e82fc9a619c45ee
aa66d9f7e4239374bcfebf7a77ac5df23b847b0e 06-Mar-2017 Todd Kennedy <toddke@google.com> Don't call InstantAppRegistry with a null package

Change-Id: I40e3a6529cf6b77857ea67c9a83029cc57696227
Fixes: 35970992
Test: Manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4c06f55f14538d8b065d97d7f3fd2b79976fb94b 04-Mar-2017 Calin Juravle <calin@google.com> PackageManager: Clean up code related to foreign dex use

We simplified the way we track whether or not a dex file is used by
other apps. DexManager in the framework keeps track of the data and we
no longer need file markers on disk.

Test: device boots, foreign dex markers are not created anymore

Bug: 32871170

(cherry picked from commit 74f0a3450cd598f52b2c68c43531b1a27fb4e1ce)

Change-Id: I2a9daca15e5120518852584fa17aa94012af8f1a
Merged-In: I3660e2f3913a73904181449c2d910af0a0477950
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9108ae1a16d1c9b0ad75292903b9cab26ab47633 07-Mar-2017 Calin Juravle <calin@google.com> Merge "PackageManager: Clean up code related to foreign dex use"
74f0a3450cd598f52b2c68c43531b1a27fb4e1ce 04-Mar-2017 Calin Juravle <calin@google.com> PackageManager: Clean up code related to foreign dex use

We simplified the way we track whether or not a dex file is used by
other apps. DexManager in the framework keeps track of the data and we
no longer need file markers on disk.

Test: device boots, foreign dex markers are not created anymore

Bug: 32871170
Change-Id: I3660e2f3913a73904181449c2d910af0a0477950
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a9e8d358e873c53484ff071685e98361a21c48ef 07-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge changes I546a3133,I5d892b2d

* changes:
Don't skip verification of Instant Apps
Expose ACCESS_INSTANT_APPS to the verifier
a485f71fd77302f31daa0d6ae29f6802a61eddcf 06-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Refactor EphemeralResolverService"
b94103d25dc15adde4329383a2bf0281868c45c9 06-Mar-2017 Chad Brubaker <cbrubaker@google.com> Don't skip verification of Instant Apps

Test: builds
Change-Id: I546a31334b8f15f360ca5599d96ac8783496fc92
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0fdb3a84cfd722c994ab693cfef3edc2a51f3115 04-Mar-2017 Christopher Tate <ctate@google.com> Fix bug #35673706 - null verifier component...

...causing an NPE when we attempted to call getPackageName() on it.

This patch avoids the NPE, but does not address the underlying
question of why the component we're attempting to target is coming
back null. This new approach guarantees the security of the broadcast,
though, so we needn't worry further about that.

Test: install app & note verifier action

Change-Id: I0d316e0815210ba1fbb14da6b76d5c23a85c96a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1fb3404b2ba69a823e961bec2d9ed61622107052 01-Mar-2017 Todd Kennedy <toddke@google.com> Refactor EphemeralResolverService

* Change name to InstantAppResolverService
* Left old service in place to handle existing client
[to be removed prior to O launch]
* When resolving phase II, return a list instead of a single item

Bug: 34763730
Test: Build and verify resolution occurs w/ legacy & new resolver service
Change-Id: Ieccaf91538bd91c04f4be4e35d8264619d7cd6d7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
638903002ef2a6da352c52aaeb9342ec25339ad1 03-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "OMS: Introduce default overlays"
9635fbd7c51db046df5144fc80035b5a5fbf626e 03-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "handle case where user == USER_ALL"
e6f3ed6aefcc3622e040343754b70757577bb9c9 03-Mar-2017 Calin Juravle <calin@google.com> Merge changes from topic 'secondary-dex1'
am: d56d98b860

Change-Id: Ia9c1329584597a6f30aeaa2bd8e8c979705d8eea
c6494490939768ab86d88abd2e562e0e591d7a8e 02-Mar-2017 Calin Juravle <calin@google.com> Use DexManager logic to decide if a package is used by other apps

Stop relying on the file marker recorded by the runtime. We have the
same data available from the DexManager.

The clean up CL to remove the handling of the file markers will follow.

Test: verify that "shared packages" (e.g. gmscore) are not compiled with speed-profile.

Bug: 32871170

(cherry picked from commit 07b6eabe79261267ecd7114790e96e1f6828672a)

Change-Id: I2969b75fa77d38dde0073ef67aa89b1dc91237b5

Merged-In: I6cc5834ac88489e69896cd5fba9ed9968aa7f5a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f8afcdc7b7b39ddc7161b1be01eebf763e68c793 15-Feb-2017 Calin Juravle <calin@google.com> Skip class path checking for secondary dex files

Pass '&' marker to dex2oat classpath when compiling secondary dex files.
This will skip class path checking when loading the oat files.

Test: adb shell cmd package compile -m speed -f --secondary-dex com.google.android.gms
oatdump --header-only --oat-
file=/data/user/0/com.google.android.gms/app_chimera/m/00000006/oat/arm64/DynamiteModulesC_GmsCore_prodmnc_alldpi_release
check that the class path contains the special '&' marker

Bug: 32871170

(cherry picked from commit aae35767b6bca6f872c906a0fd38d7adb61217bd)

Change-Id: I7f3c6743e749316ee02e8586a525ad28ae1ef765

Merged-In: If0628aeb4e3f5717604bfc4a87a4b1d438e5fa65
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
112a61bf32d7c9ba6337d2fd4c760bc2904e4688 03-Mar-2017 Calin Juravle <calin@google.com> Compile secondary dex files during background dexopt job
am: 574994afde

Change-Id: I204983f6221c07467b450ea9e0bf71b6d15926e1
90ac28d618a8428a5943e4183d4139f08a5a25ad 03-Mar-2017 Calin Juravle <calin@google.com> Add a shell command to force the background dexopt job
am: f7edab63d9

Change-Id: Ie77bc356a9ff4786c23a06d1267dc7ca5e45a90a
110e897eaa78aab17685ada1402185f69358699a 03-Mar-2017 Calin Juravle <calin@google.com> [PM] Clean up logic for secondary dex oat files
am: e69fba3f7f

Change-Id: I223b27221acf25e628003dde0f63cffe66779753
468be64cf2a7dac72f9803f6b1fb0fbed0a17fa6 03-Mar-2017 Calin Juravle <calin@google.com> Compile secondary dex files in DexManager
am: 7218363a92

Change-Id: I53e7864b097cf9cff702e9185bb1c9091d97fe63
27ea5920987d4639a457130d1e55a0b92bb73dc2 03-Mar-2017 Calin Juravle <calin@google.com> Notify DexManager about new package installs
am: fcd672fca3

Change-Id: I63514deebef293d52f7811023b0915cf655514f6
a5ca62408381058c12bd5a1fe3b30f2512a73e03 02-Mar-2017 Adam Lesinski <adamlesinski@google.com> OMS: Introduce default overlays

Default overlays are applied at first boot. They are specified by
package name in system property ro.boot.vendor.overlay.theme as a
semicolon separated list.

Eg:

ro.boot.vendor.overlay=com.android.vendor.overlay;com.android.vendor.overlay_two

Test: manual (remove /data/system/overlays.xml and reboot)
Change-Id: I8a7443a9059ccabfe1a63b075b95f1b2b6db7dbd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3c954e9e01b4a79535f3de27a20398e6af620df0 02-Mar-2017 Calin Juravle <calin@google.com> Merge "Update package use info when the app data is updated"
574994afde208fcb60f5aea9921b9b381e13e888 26-Jan-2017 Calin Juravle <calin@google.com> Compile secondary dex files during background dexopt job

Extend the backgound dexopt job to compile secondary dex files when
"dalvik.vm.deopt.secondary" system property is set to true.

Test: adb shell cmd package bg-dexopt-job
Bug: 32871170

(cherry picked from commit 51f521c3bf46e6040f36757bc53ea57ddc7be85e)

Change-Id: I220ff4ea26c4eee030ab1a9f4c957a09aa9f2f4c

Merged-In: If3a4b77f785e92c7f2f7869e25ff9b99904f165a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f7edab63d9358b9a4e0dbec3243f6db9f50a2bbe 26-Jan-2017 Calin Juravle <calin@google.com> Add a shell command to force the background dexopt job

Add 'bg-dexopt-job' command to 'adb shell cmd package' which will force
the background dexopt job to run the optimizations immediately.

Note that the command only runs the background optimizer logic. It may
overlap with the actual job but the job scheduler will not be able to
cancel it. It will also run even if the device is not in the idle
maintenance mode.

Test: adb shell cmd package bg-dexopt-job
Bug: 32871170

(cherry picked from commit cb5f41ea11b1a6fcd0977a64ee146dde8f537076)

Change-Id: I82c781d46fe16e7b7566a5b5ee91be723a2125cb

Merged-In: I8b0112074220b2e09baf13d842401ee1cf306a89
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e69fba3f7fbc8e4fc6c02b80c8fac097804b97f7 25-Jan-2017 Calin Juravle <calin@google.com> [PM] Clean up logic for secondary dex oat files

Add logic in DexManager to reconcile secondary dex records with the
actual files on disk. If secondary dex files are moved or removed then
DexManager will remove the generated oat files during the call to
reconcileSecondaryOdex() and update its internal state.

Add 'adb shell cmd package reconcile-secondary-dex packageName' which
will force DexManager to sync its data with the actual secondary dex
files.

Test: devices bots
runtest -x .../PackageDexUsageTests.java
runtest -x .../DexManagerTests.java
adb shell cmd package reconcile-secondary-dex
com.android.google.gms (after artificially/temporarily renaming some
dex files)

Bug: 32871170

(cherry picked from commit c22c30ed1c05c5c24185dc4d380d1c5026923d46)

Change-Id: Ied9fcbfe367ed3a8250a9ba8d202518b264c64e8

Merged-In: Id2d72dc89995f89cf1ddf79ae4e992afd3f3c127
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7218363a92d15cc1854cf298ef77e1ed2aeafa3b 17-Jan-2017 Calin Juravle <calin@google.com> Compile secondary dex files in DexManager

Add logic for secondary dex compilation in DexManager. Also, extend the
`cmd package compile` command with '--secondary-dex' option which will
compile all used secondary dex files for the given package.

Test: flash & boot,
cmd package compile --secondary-dex -f -m speed
com.google.android.gms
Bug: 32871170

(cherry picked from commit c22c30ed1c05c5c24185dc4d380d1c5026923d46)

Change-Id: I3cf26edbfb5e9f3683e608bb2a596e1ab5682bd4

Merged-In: Ia2b95cb70d26c4ead5cb650047641b0881ca84ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fcd672fca3e48cc5ce1e82aacec26ac391cedd01 24-Jan-2017 Calin Juravle <calin@google.com> Notify DexManager about new package installs

This will update the internal cache so that the secondary dex files of
the new package can be found when loaded.

Test: runtest -x .../DexManagerTests.java

Bug: 32871170

(cherry picked from commit 0d4b8f8b0c963d9a1f5cb6aff11a11195a3df225)

Change-Id: I34008f6d262f19e88a346a36b83e4093b4129105

Merged-In: I0cb7158af249feeb01cf578a7544dda978eede9d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e9f0fe9274cce675e09a117e3593601b9424ea51 02-Mar-2017 Calin Juravle <calin@google.com> Merge "Use DexManager logic to decide if a package is used by other apps"
67a14e1124f799b535d8bc28aa0dbe402eb77a04 02-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Force ephemeral apps to have correct targetSdk/targetSandbox temporarily"
99dd37b3c5262910150ef955d16a33d32da264dd 23-Feb-2017 Calin Juravle <calin@google.com> Update package use info when the app data is updated

- clear usesByOtherApps flag when the package is updated
- delete secondary dex usage data when the app data is destroyed

Test: runtest -x .../PackageDexUsageTests.java
runtest -x .../DexManagerTests.java
Bug: 32871170
Bug: 35381405

Change-Id: I3a249b9e8680e745fa678c7ce61b4ae764078fb9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
594ea5f8b031c09de090eab446209b84aa78fd37 02-Mar-2017 Dianne Hackborn <hackbod@google.com> Merge "Implement issue #34842682: Add ability to limit permissions based on features"
07b6eabe79261267ecd7114790e96e1f6828672a 02-Mar-2017 Calin Juravle <calin@google.com> Use DexManager logic to decide if a package is used by other apps

Stop relying on the file marker recorded by the runtime. We have the
same data available from the DexManager.

The clean up CL to remove the handling of the file markers will follow.

Test: verify that "shared packages" (e.g. gmscore) are not compiled with speed-profile.

Bug: 32871170
Change-Id: I6cc5834ac88489e69896cd5fba9ed9968aa7f5a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd154e95353e7af11314d2339500d6c7f85e181a 01-Mar-2017 Dianne Hackborn <hackbod@google.com> Implement issue #34842682: Add ability to limit permissions based on features

Two new attributes for <uses-permission>: android:requiredFeature and
android:requiredNotFeature.

Also update aapt to include this information in badging:

uses-permission: name='android.content.cts.REQUIRED_NOT_FEATURE_UNDEFINED' requiredNotFeature='android.software.cts.undefined'
uses-permission: name='android.content.cts.REQUIRED_MULTI_DENY' requiredFeature='android.software.cts.undefined' requiredNotFeature='android.software.cts'

Test: new PermissionFeatureTest suite.

Change-Id: Icc1f815a4675ae9dd2cb7f61730ab28b5c11228a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7381e6eb214689c1230b357451b23bd5bf42ef90 01-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Expose isInstantApp() to more callers"
1b4cdf909f7c9f3ad9b12d666ca5a4c1dde43308 01-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add boolean when instant apps are available"
247a3c01326fbcd4e12270b5a2d4fb42fa78e7c6 01-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Introduce ANSWER_PHONE_CALLS permission"
41a0efb3ca31ee9c2c6a763e26765f7ecbdff126 01-Mar-2017 Todd Kennedy <toddke@google.com> Expose isInstantApp() to more callers

Instead of just allowing the instant app itself, also allow anyone
with ACCESS_INSTANT_APP permission or apps that the instant app
has granted access.

Change-Id: I5a79ef9520db908ba9ab56af0157b1646d2d8cc1
Fixes: 34123112
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e19e5677a57de03453ed61d7c36c806427a98d20 01-Mar-2017 Sunny Goyal <sunnygoyal@google.com> Merge "Sending explicit broadcast to the launcher when a package is installed"
533c9ff58d7649c6056f12c85b4122970f77236b 27-Feb-2017 Todd Kennedy <toddke@google.com> Add boolean when instant apps are available

Bug: 34168547
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ic1072d02aa4d43947e689e4381c2c5ee43704dd0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d7cb232362d8036875d1d3c3f0e8f5d47a2ad25 30-Jan-2017 Sunny Goyal <sunnygoyal@google.com> Sending explicit broadcast to the launcher when a package is installed

Test: Manually tested on device and add CTS tests
Bug: 32920609
Change-Id: Ic23c077a469fb41d6c4e123d4bc022899f634198
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e0177dbb8bd28526e6cd56188896b1a9528c7f38 28-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Prevent packages besides android defining ephemeral permissions"
2f2053b939fdd1aee80d7bba531707d56f498c07 28-Feb-2017 Chad Brubaker <cbrubaker@google.com> Prevent packages besides android defining ephemeral permissions

Bug:34980926
Test: manual
Change-Id: I608bc746b4b212c02ba62433fbb3f8141b5e67e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6de3d56a9fe8ae8fdc6bfe9e0231a531327b9d04 28-Feb-2017 Todd Kennedy <toddke@google.com> handle case where user == USER_ALL

Change-Id: I0f2737dbe994595e2c624b674a1a8ce863ae1854
Fixes: 35271941
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest#testInstallEphemeralRequiresV2Signature
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bdaded344f39124abb47512927338e7daa6de21d 27-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't log privapp-permissions violations for updated apps"
ff8351a311045cd91962f0cb5d03f15425d2401e 27-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "don't call settings provider with pkg mgr lock"
9687767d759936a51ca2f7d90b3810f8b9bea0d4 27-Feb-2017 Makoto Onuki <omakoto@google.com> Merge "Allow querying providers with a specific metadata."
2fc7c3f7e0c2f96caa9478e333e7741c82680029 27-Feb-2017 Todd Kennedy <toddke@google.com> don't call settings provider with pkg mgr lock

Bug: 34739922
Test: manual
Change-Id: I8bd5ad76d1db5125d75c086b7f0aa24b7ac3919a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d627294d830d6010f79168a9dcc3828e5221c6c9 26-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Catch all exceptions thrown by the interfaces."
cae3d3e59e5f9f2161921654f80e3ec6283f7662 31-Jan-2017 Eugene Susla <eugenesusla@google.com> Introduce ANSWER_PHONE_CALLS permission

This exposes an API to answer a ringing call, as well as a corresponding
runtime permission and appop

Test: Grant the permission and ensure the call gets answered.
Deny the permission, and ensure that the API call throws an exception.
Bug: 30932767
Change-Id: I4c33fcea6b95a30469fa6c0c37090be32b0ad52e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ff506659a73d47ce96a61a0b93013786ba60e8c0 24-Feb-2017 Netta Peterbursky <nettap@google.com> Merge "Protobufferize PackageManager dumpsys"
0ba0d814b300e9dea70933885c1837695eda69da 24-Feb-2017 Fyodor Kupolov <fkupolov@google.com> Don't log privapp-permissions violations for updated apps

Only warn about violations in non-updated apps. If an updated privileged
app started requesting a new privileged permission, it cannot be
whitelisted on system image, so we should revoke it as before, but not log.

Test: manual
Bug: 35633526
Change-Id: I6aacaed4be7bf6eaef08ea81ea49cd250c81e71e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aaee062899d41513840fd11fe2df73604ceb80ea 24-Feb-2017 Jeff Sharkey <jsharkey@android.com> Catch all exceptions thrown by the interfaces.

Test: builds, boots
Bug: 35749102
Change-Id: Ib5db19dd8f3ae591ed84972c1b234f27932fc66c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2140cd6431266bdb17024c66bb93cf88ff7cc407 24-Feb-2017 Jeff Sharkey <jsharkey@google.com> Merge "Block new installs into ASEC containers."
8c61e39e042c31dd21567897c834c7c45fe7181b 24-Feb-2017 Jeff Sharkey <jsharkey@android.com> Block new installs into ASEC containers.

ASEC containers have been deprecated since MNC, which is when we
introduced the "adoptable storage" feature. Adoptable storage is a
much better user experience, since we move both the APK and private
app data together as a single unit, making it much easier to explain
to users.

Test: builds, boots
Bug: 32913676
Change-Id: I97385d081a50a79fc005d4e23e09999f9ae6cfc1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9584868f8824e41f010590b4c64654a6de1f5357 24-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add new internal resolve method"
d143808365c06be7e64837d005d07e91ebfad745 06-Feb-2017 Chad Brubaker <cbrubaker@google.com> Force ephemeral apps to have correct targetSdk/targetSandbox temporarily

There is a bit of a chicken and egg problem with Instant Apps and the
requirement to have targerSdk >= O and targetSandboxVersion >= 2 with
the sdk not being locked down yet. To work around this for now the
targetSdk and targetSandboxVersion will be made correct instead of
causing the install to fail. This work around must be removed before O
ships.

Test: adb install --ephemeral updates the targetSdk and targetSandbox
accordingly.

Change-Id: I283e71e459f0f69ef4053591b6647991746f54da
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bd9e74cae0f3de1039c9ddcee3caa0849b604c7c 24-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "OMS: integrate OverlayManagerService into framework"
4d1de7da79010be3e1f0eb85aa50b6002a8241fd 23-Feb-2017 Todd Kennedy <toddke@google.com> Add new internal resolve method

Instant apps are unique in that any application can start them
with a VIEW/BROWSABLE while only very few apps can see an
instant app using queryIntentActivites, etc... In order to
support this dichotomy, we need an internal hook to resolution
for activity start.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Bug: 25119046
Change-Id: If6974c09c733ff0417ef72cabb9d9e9aca86c37c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2e0d0f311100d8e0bb40d7d60b8498237f011f0c 02-Jun-2016 MÃ¥rten Kongstad <marten.kongstad@sonymobile.com> OMS: integrate OverlayManagerService into framework

Hand over ownership of overlays to OverlayManagerService.

Changes to a package's overlays are propagated using the activity life
cycle. Affected activities will be recreated as needed. This provides a
well-defined point to modify an application's assets while the
application is paused.

Consolidate how overlays targeting the system and overlays targeting
regular applications are handled. Previously, system overlays were
handled as a special case. Now, everything is handled identically. As a
side effect, the call to idmap --scan during Zygote boot has become
obsolete and is removed.

Information on what overlays to use is recorded in
ApplicationInfo.resourceDirs. The PackageManagerService is responsible
for the creation of ApplicationInfo objects. The OverlayManagerService
is responsible for informing the PackageManagerService in advance about
what resourceDirs to use.

When launching an application, the ApplicationInfo is already populated
with up-to-date information about overlays.

When enabling or disabling an overlay for a running application, the
OverlayManagerService first notifies the PackageManagerService about the
updated resourceDirs. It then tells the ActivityManagerService to push
the new ApplicationInfo object to the application's ActivityThread.
Finally the application requests its ResourcesManager to create new
ResourcesImpl objects based on the updated paths.

Change-Id: Ib8afa05ccab4e2db558f89ce4423983c086bb61a
Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Bug: 31052947
Test: run tests from 'OMS: tests for OverlayManagerService'
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5feacbed43c73958b68e69acd894c75ce1f6cb4d 23-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Load splits on-demand"
e991022423c2e5b4386553af7ef3b54da7c54be1 22-Feb-2017 Todd Kennedy <toddke@google.com> Load splits on-demand

A split may be declared in an application's base manifest, but,
defined in a feature split. When resolving such a component,
invoke the installer to download and install the necessary split(s)

At the moment, this only works for instant apps. However, the
implementation is generic and could be applied to any application.

Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: I6598abb34becfd049fc03199813226736e5057b1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
32757292030117e3abda2bb2a3eb349f646c9fa8 22-Feb-2017 Makoto Onuki <omakoto@google.com> Allow querying providers with a specific metadata.

CP2 will need it to scan GAL providers faster.

Test: Manual test with CP2 under development
Bug: 35388445
Change-Id: I1202420078b1bbe48f6eb4bb9e3f705c71df9c0c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
426cbefdf3c78bd0aa80b180ffc1fb8b5a226bc3 10-Feb-2017 Netta P <nettap@google.com> Protobufferize PackageManager dumpsys

Bug: 34230809
Test: cts-tradefed run cts-dev -m CtsIncidentHostTestCase -t com.android.server.cts.PackageIncidentTest
Change-Id: I6dc455db47a8a636267cf7abe993e135e9044b33
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
df0824ad4cd31a3e96653fe82ce969b08cd00be2 23-Feb-2017 Guang Zhu <guangzhu@google.com> Merge "Revert "OMS: integrate OverlayManagerService into framework""
95459806920dec34abb3214ab6e1a9b9213a2a61 23-Feb-2017 Guang Zhu <guangzhu@google.com> Revert "OMS: integrate OverlayManagerService into framework"

Bug: 31052947
Bug: 35697944

This reverts commit 21a3d1ad686dee97b9cf0ed80389ee2ab0d48013.

Change-Id: I2d86931020301524c26cf8c8e80d557c97fdd6c3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0f09817859b19054aee3feded1dbf9757a5ec131 23-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "OMS: integrate OverlayManagerService into framework"
26a449e62a337eb3c94be42e216734d76a2d517e 23-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Reconcile apps in 2 phases"
4f6188e775f864a1b321289307bb8071d59dd658 23-Feb-2017 Jeff Sharkey <jsharkey@google.com> Merge "Slowly deprecate hidden getPackageSizeInfo() API."
cd824ef3895bd581c9d87d9b010385fd15b41d7e 07-Feb-2017 Fyodor Kupolov <fkupolov@google.com> Reconcile apps in 2 phases

During boot app data folders are reconciled in 2 phases:
- in the constructor only core apps are reconciled. prepareAppData
for remaining apps is deferred and run on a separate thread (phase 2)
- Phase 2 must finish before third-party apps can start

Also moved GC to final stages of system server init. GC alone takes ~200 ms.

Overall boot time improvement: ~1 second

Before:
02-17 18:33:33 D/BaseBootTest: successive-boot :
28835.0,29638.0,30205.0,29793.0,29752.0,28228.0,30125.0,28983.0,28487.0,28865.0,
02-17 18:33:33 D/BaseBootTest: successive-boot_avg : 29291.1
02-17 18:33:33 D/BaseBootTest:
SystemServerTiming_StartPackageManagerService :
3150.0,3615.0,3515.0,3495.0,3814.0,3158.0,3746.0,3274.0,3222.0,3607.0,
02-17 18:33:33 D/BaseBootTest:
SystemServerTiming_StartPackageManagerService_avg : 3459.6
02-17 18:33:33 D/BaseBootTest: SystemServerTiming_StartServices :
8244.0,8863.0,9035.0,9832.0,8998.0,8096.0,8719.0,8209.0,8279.0,8754.0,
02-17 18:33:33 D/BaseBootTest: SystemServerTiming_StartServices_avg :
8702.9

After:
02-17 17:59:51 D/BaseBootTest: successive-boot :
27711.0,27607.0,28408.0,28968.0,28397.0,28063.0,27885.0,28483.0,27917.0,29317.0,
02-17 17:59:51 D/BaseBootTest: successive-boot_avg : 28275.6
02-17 17:59:51 D/BaseBootTest:
SystemServerTiming_StartPackageManagerService :
2467.0,2489.0,2369.0,2548.0,2647.0,2523.0,2497.0,2553.0,2482.0,2657.0,
02-17 17:59:51 D/BaseBootTest:
SystemServerTiming_StartPackageManagerService_avg : 2523.2
02-17 17:59:51 D/BaseBootTest: SystemServerTiming_StartServices :
7686.0,7538.0,7598.0,7869.0,7884.0,7950.0,7971.0,8370.0,7696.0,7885.0,
02-17 17:59:51 D/BaseBootTest: SystemServerTiming_StartServices_avg :
7844.7

Test: manual
Bug: 28750609
Change-Id: I3543ef577af1365394775318e40907584ddbe950
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bfaaa44f274050d708b149bc94a4250e4cc5ca32 23-Feb-2017 Jeff Sharkey <jsharkey@android.com> Slowly deprecate hidden getPackageSizeInfo() API.

It was never a public API, and we now have a support and CTS tested
public API over at StorageStatsManager that apps should be using.

Test: builds, boots
Bug: 34643504
Change-Id: Iad3f2c000dd9d7c1b1e70d0bf2d281826737322e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
458428ea6633e6000b453ef272c13823f5d02fe5 22-Feb-2017 Jeff Sharkey <jsharkey@android.com> Split cache clearing into two phases.

Use newly defined "V2_DEFY_QUOTA" flag to split cache clearing into
two phases: clearing data for apps above their quotas, and then
pushing deeper by clearing data for apps below their quotas.

Add placeholder comments for other data types that we're planning to
add shortly. Route all clearing behavior through this new method,
which remains guarded behind a flag for now.

Test: builds, boots
Bug: 34692014
Change-Id: I678d7b4e2bf6c837dd8a9adbc36a53015907f75f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
21a3d1ad686dee97b9cf0ed80389ee2ab0d48013 02-Jun-2016 MÃ¥rten Kongstad <marten.kongstad@sonymobile.com> OMS: integrate OverlayManagerService into framework

Hand over ownership of overlays to OverlayManagerService.

Changes to a package's overlays are propagated using the activity life
cycle. Affected activities will be recreated as needed. This provides a
well-defined point to modify an application's assets while the
application is paused.

Consolidate how overlays targeting the system and overlays targeting
regular applications are handled. Previously, system overlays were
handled as a special case. Now, everything is handled identically. As a
side effect, the call to idmap --scan during Zygote boot has become
obsolete and is removed.

Information on what overlays to use is recorded in
ApplicationInfo.resourceDirs. The PackageManagerService is responsible
for the creation of ApplicationInfo objects. The OverlayManagerService
is responsible for informing the PackageManagerService in advance about
what resourceDirs to use.

When launching an application, the ApplicationInfo is already populated
with up-to-date information about overlays.

When enabling or disabling an overlay for a running application, the
OverlayManagerService first notifies the PackageManagerService about the
updated resourceDirs. It then tells the ActivityManagerService to push
the new ApplicationInfo object to the application's ActivityThread.
Finally the application requests its ResourcesManager to create new
ResourcesImpl objects based on the updated paths.

Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Bug: 31052947
Test: run tests from 'OMS: tests for OverlayManagerService'
Change-Id: Idc96dae6fc075d5373aa055bbf50e919136d7353
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5d5e926eb8ff2541a845d6a5657cee5e5c6e7b6 21-Feb-2017 Jeff Sharkey <jsharkey@android.com> Clear cache space when allocating bytes.

Fleshes out remainder of allocation implementation, where we offer
to clear cached data to satisfy the allocation request. To prevent
abuse, we never let apps allocate into either the minimum cache space
or low storage space.

Clean up quota APIs to require the caller to pass in the path they're
interested in, and we resolve the underlying filesystem for them.

Defines settings that can be used to tweak the minimum cache space.

Test: builds, boots
Bug: 34690590
Change-Id: I85bc07399f91ee4aa568a8a54c615646bf748ad4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
18c527b96d94c31d789ec137cb12f6e13cd20916 18-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix instant app resolution"
d133b00efb49adeb21b9b62b334769c03f40bf43 17-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Put package verifier on the power whitelist when invoked"
bbdd8e4a3b4bd9bcf4574005b42bed83b4d4ed31 17-Feb-2017 Todd Kennedy <toddke@google.com> Fix instant app resolution

Resolving intents with a specified component goes down a different
path than regular resolution. For Instant Apps, that meant that
sometimes the Instant App was not able to resolve it's own
activities. Added some new CTS tests to verify that this works.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ic8a8eaef7eb9e230fdc701c79c85227d0939d974
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
19657b359a333dd477c589aa9c124059a05251b0 17-Feb-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Revert "Revert "remove app-ephemeral"""
be0b8896d1bc385d4c8fb54c21929745935dcbea 15-Feb-2017 Todd Kennedy <toddke@google.com> Revert "Revert "Per user setting for instant app""

This reverts commit be9ffa15af9e1906e9ffb505768328d62d4a3793.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ib21321cf157a79890de487060a093840f7182047
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
860d8b9a7c1742817ea360a7433139786196accb 16-Feb-2017 Christopher Tate <ctate@google.com> Put package verifier on the power whitelist when invoked

Give the package verifier the right to run services while we're asking
it to do its thing.

Bug 31025833

Change-Id: If6a593d95fe37d4c2c7ab6d59aa2661c1e5df6b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8094e09089204b4bfbdc873d70d0c331ae8c046f 15-Feb-2017 Todd Kennedy <toddke@google.com> Revert "Revert "remove app-ephemeral""

This reverts commit c2f0d886f46ee5eb28011e1119fa9d23b073a64c.

Test: Manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d80ba8abc812778a0c7e2042a1f2ffa87f25cb60 15-Feb-2017 Guang Zhu <guangzhu@google.com> Merge "Revert "remove app-ephemeral""
626ffb455650e334fff3fe407a31aa0fa437fdf2 15-Feb-2017 Guang Zhu <guangzhu@google.com> Merge "Revert "Per user setting for instant app""
be9ffa15af9e1906e9ffb505768328d62d4a3793 15-Feb-2017 Guang Zhu <guangzhu@google.com> Revert "Per user setting for instant app"

Bug: 35390781

This reverts commit 2f5811dcfd840e149851a9333e27ef3cdddf7a46.

Change-Id: Ibb1c8dacbdc6908fc7fa2bc5dca664f2455162bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c2f0d886f46ee5eb28011e1119fa9d23b073a64c 15-Feb-2017 Guang Zhu <guangzhu@google.com> Revert "remove app-ephemeral"

Bug: 35390781

This reverts commit 4eb7cea562cd117e598a327ab4d93142589c1ae6.

Change-Id: I94567d333b40f99f7a2573125259f4ab575a0519
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
93a8e2c7d1e6becf48e59d32c56692d87bf56a4a 15-Feb-2017 Todd Kennedy <toddke@google.com> Merge "remove app-ephemeral"
bf92b812dbe1c762ff2381ca4ba14290a5ece8b8 15-Feb-2017 Todd Kennedy <toddke@google.com> Merge "Per user setting for instant app"
4eb7cea562cd117e598a327ab4d93142589c1ae6 15-Feb-2017 Todd Kennedy <toddke@google.com> remove app-ephemeral

instant apps are no longer stored in a separate folder. they
are now stored along side other full apps in the apps directory.

Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: I6669be797987169a0b9cca78f80539c908812f9e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aae35767b6bca6f872c906a0fd38d7adb61217bd 15-Feb-2017 Calin Juravle <calin@google.com> Skip class path checking for secondary dex files

Pass '&' marker to dex2oat classpath when compiling secondary dex files.
This will skip class path checking when loading the oat files.

Test: adb shell cmd package compile -m speed -f --secondary-dex com.google.android.gms
oatdump --header-only --oat-
file=/data/user/0/com.google.android.gms/app_chimera/m/00000006/oat/arm64/DynamiteModulesC_GmsCore_prodmnc_alldpi_release
check that the class path contains the special '&' marker

Bug: 32871170
Change-Id: If0628aeb4e3f5717604bfc4a87a4b1d438e5fa65
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5e2714ea7ae7bd162ee8c8ae60233e47bbdf7075 15-Feb-2017 Amith Yamasani <yamasani@google.com> Merge "Kernel mapping for package scope by user"
23ab7f54d96386db2b45dc0b352b3451f665e331 23-Jan-2017 Amith Yamasani <yamasani@google.com> Kernel mapping for package scope by user

Inform the kernel via configfs, of userids that
should be excluded when an app is not installed
for them.

Also push userid to remove_userid when a user is
removed so that the exclude list of that user can
be cleaned up in one command for all packages.

Test: runtest -x ....KernelPackageMappingTests.java
Change-Id: Ib94b1a0b737f45b2d03deb9650f0f0eb68e363d9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f5811dcfd840e149851a9333e27ef3cdddf7a46 30-Jan-2017 Todd Kennedy <toddke@google.com> Per user setting for instant app

The same application can run as either an instant app or an installed
app. Store this setting per-user instead of based upon the install
location.

Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Iff565bb1ac10d631499f0bd0f69b401cb073c10e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9106c64bf3ca60d0b867fa1f2d78d3b19c9e4178 08-Feb-2017 Todd Kennedy <toddke@google.com> Add API to track package changes

After any package install, removal or update, save the changed
package and update a global sequence number. At any point, apps
can query for the packages changed since a particular sequence
number.

If a package is changed multiple times, it is only included once
in the change list.

Bug: 33865505
Test: Create sample app to query for changes and see which packages are changed after performing certain operations
Change-Id: Ia4646035362b16a97110e05f3f909ce385b48428
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b1e7776e2ca348ad734fdddc68d9bda6eb17c5e0 13-Feb-2017 Dianne Hackborn <hackbod@google.com> Fix issue #35309312: Background start not allowed: service...

...Intent { flg=0x100 cmp=com.android.systemui/.SystemUIService }
to com.android.systemui/.SystemUIService from pid=28245 uid=1000 pkg=android

Rework the persistent app check to just directly look at the package
manager (but as efficiently as possible). My idea for trying to keep
this in the UidRecord was stupid. :p

Test: manually tested it boots
Change-Id: I5a88717a27fa3529048d37a853518a3ec04055db
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6ea7fc45ef147fa9e9c4f424faa1628bf954534 06-Feb-2017 Fyodor Kupolov <fkupolov@google.com> Log.wtf all privapp-permissions in a single message

Test: manual
Bug: 34872687
Change-Id: Ib67604db73dada235f16e91a41e52a8c8ea625bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
50979d14f913b97852c9e39b3b85c555988760f5 28-Jan-2017 Fyodor Kupolov <fkupolov@google.com> Tests for UserDataPreparer

Moved reconcileUsers, enforceSerialNumber to UserDataPreparer and added
unit tests

Test: manual + UserDataPreparerTest
Bug: 34736064
Change-Id: Icde93974ac68849e38357d8cfea0cc1b7a2aab49
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
68f68701e69ceed0edb0e8831ce2ed507ba154a5 06-Feb-2017 Narayan Kamath <narayan@google.com> PackageManagerService: Log time spent on cpppreopt.

Makes it more convenient to debug post OTA boot-time issues.

Bug: 34953276
Test: manual

Change-Id: Iefb0f93f0c7d536ee46b756d83f316f038166da3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a27780e0aa7eab16ea42ad4f93957cf523c82002 03-Feb-2017 Fyodor Kupolov <fkupolov@google.com> Use self-locking for mAvailableFeatures

mAvailableFeatures is read-only and set in the constructor. Calls to
hasSystemFeature are often blocked if PM is busy with other operations.

Test: manual - device boots without errors
Bug: 33199244
Change-Id: I5ce0fa7af37e95ac64afb11a1022a27e37c67703
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e3482c2601fd025002377d47389be97bbc0c892d 01-Feb-2017 Brad Ebinger <breadley@google.com> Merge "Adds @hide permission granting API for ImsServices" am: 390ec27f9d am: 6734275c2f am: fa1dca0ad6
am: 3aaf673c60

Change-Id: I6a6a2d136f0f31bbac984e4ba18f9f6b90808705
3aaf673c60377fdff72fe1ab17099083f5fe9622 01-Feb-2017 Brad Ebinger <breadley@google.com> Merge "Adds @hide permission granting API for ImsServices" am: 390ec27f9d am: 6734275c2f
am: fa1dca0ad6

Change-Id: Id2875b5b60401405e31e76eb07968798144df700
fa1dca0ad61af079c7653ba80d847a5b51df343c 01-Feb-2017 Brad Ebinger <breadley@google.com> Merge "Adds @hide permission granting API for ImsServices" am: 390ec27f9d
am: 6734275c2f

Change-Id: I6d502db3362aafcfed426b6598be0bd39dd38890
6734275c2f7bdffca50062c08c07a58609eba78b 01-Feb-2017 Brad Ebinger <breadley@google.com> Merge "Adds @hide permission granting API for ImsServices"
am: 390ec27f9d

Change-Id: I0f3d38811925884681d11cf18e12f1b0574d64c6
de0fb617a198babe1a67c0dc921d0e7703f73384 31-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "don't require 'O' for instant apps"
910a19a535760df574371534bec030f9335bc351 31-Jan-2017 Todd Kennedy <toddke@google.com> don't require 'O' for instant apps

It's unclear if we need this check; esp if we want to support
running legacy instant apps [i.e. instant apps that run pre-O
under the supervisor].

Test: Build and install instant app
Change-Id: I241f97e7960635af933e8fe1ddd86675789ec26c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
096d304ae3d85c1bfcda1a1d9cd4eb13d0815500 31-Jan-2017 Svetoslav Ganov <svetoslavganov@google.com> Add instant cookie APIs

This change adds APIs for instant apps to store cookie data
that is presisted across instant installs and across the
upgrade from an instant to a standard app. Standard apps
can use the cookie APIs but when they are uninstalled the
cookie is also deleted. The cookies are kept longer than
the instant apps as they are much smaller - 16KB by default.
We can change the cookie size via a system setting i.e.
after we ship we can increase size if needed.

We also add internal APIs to surface information about
installed and uninstalled instant apps which should be
used for showing them in the UI. For this puporse we store
the icon, permissions, and label of uninstalled apps. If
the app is re-installed we drop this meta-data but keep
the cookie around. If we have cookie data stored and the
signing cert of the app changes when it gets re-intalled
we wipe the cookie.

Test: CTS tests pass; hiddent APIs tested manually

Change-Id: If145c0440cc61a5303e2cbb70228d235d36037a5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f477979bf9b8ecbaa366f0b600b0f2f2030c21ab 24-Jan-2017 Brad Ebinger <breadley@google.com> Adds @hide permission granting API for ImsServices

Adds the @hide API to grant ImsServices default permissions
using the PackageManager and DefaultPermissionGrantPolicy APIs.

Test: Manual
Bug: 32460405
Change-Id: Ia143ede42623b4c2203261fc6e83624d73c478f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1ba6b5a076659a6aea48a2cf3df0f106fdff5887 30-Jan-2017 Calin Juravle <calin@google.com> Merge changes Ic07126bf,If3a4b77f,I8b011207,I18fde62a

* changes:
Save package dex usage info after secondary dex reconciliation
Compile secondary dex files during background dexopt job
Add a shell command to force the background dexopt job
A bit more refactoring in BackgroundDexOptService
2b4f8731ca5d20bb686aacdd09bb2351eeebd337 30-Jan-2017 Calin Juravle <calin@google.com> Merge "[PM] Clean up logic for secondary dex oat files"
a0f2f77cdc24fb51f2c6906b6fc481c2c6d673c5 30-Jan-2017 Calin Juravle <calin@google.com> Merge "Compile secondary dex files in DexManager"
51f521c3bf46e6040f36757bc53ea57ddc7be85e 26-Jan-2017 Calin Juravle <calin@google.com> Compile secondary dex files during background dexopt job

Extend the backgound dexopt job to compile secondary dex files when
"dalvik.vm.deopt.secondary" system property is set to true.

Test: adb shell cmd package bg-dexopt-job
Bug: 32871170
Change-Id: If3a4b77f785e92c7f2f7869e25ff9b99904f165a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cb5f41ea11b1a6fcd0977a64ee146dde8f537076 26-Jan-2017 Calin Juravle <calin@google.com> Add a shell command to force the background dexopt job

Add 'bg-dexopt-job' command to 'adb shell cmd package' which will force
the background dexopt job to run the optimizations immediately.

Note that the command only runs the background optimizer logic. It may
overlap with the actual job but the job scheduler will not be able to
cancel it. It will also run even if the device is not in the idle
maintenance mode.

Test: adb shell cmd package bg-dexopt-job
Bug: 32871170
Change-Id: I8b0112074220b2e09baf13d842401ee1cf306a89
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1aa5f88e35734383e66ecd65e82e83d788e18ccb 25-Jan-2017 Calin Juravle <calin@google.com> [PM] Clean up logic for secondary dex oat files

Add logic in DexManager to reconcile secondary dex records with the
actual files on disk. If secondary dex files are moved or removed then
DexManager will remove the generated oat files during the call to
reconcileSecondaryOdex() and update its internal state.

Add 'adb shell cmd package reconcile-secondary-dex packageName' which
will force DexManager to sync its data with the actual secondary dex
files.

Test: devices bots
runtest -x .../PackageDexUsageTests.java
runtest -x .../DexManagerTests.java
adb shell cmd package reconcile-secondary-dex
com.android.google.gms (after artificially/temporarily renaming some
dex files)

Bug: 32871170

Change-Id: Id2d72dc89995f89cf1ddf79ae4e992afd3f3c127
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c22c30ed1c05c5c24185dc4d380d1c5026923d46 17-Jan-2017 Calin Juravle <calin@google.com> Compile secondary dex files in DexManager

Add logic for secondary dex compilation in DexManager. Also, extend the
`cmd package compile` command with '--secondary-dex' option which will
compile all used secondary dex files for the given package.

Test: flash & boot,
cmd package compile --secondary-dex -f -m speed
com.google.android.gms
Bug: 32871170

Change-Id: Ia2b95cb70d26c4ead5cb650047641b0881ca84ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6fd52cd04bb2b76fdd522bca5b51acb3d86ced48 27-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Introduced UserDataPreparer class"
5c0ecfdb37b082bd6bd490270193b676ecb481c2 27-Jan-2017 Fyodor Kupolov <fkupolov@google.com> Introduced UserDataPreparer class

Extracted the logic for preparing and destroying user data into a new
class. Unit tests will be added in a follow up cl.

Test: manual + UserManagerTest
Bug: 34736064
Change-Id: I4df7189c4ad8703cb34f54da21873b9ec83589c5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eabc9e95768e7ac9acc3b32dc9ac2edf99c9e2c5 15-Dec-2015 MÃ¥rten Kongstad <marten.kongstad@sonymobile.com> OMS: introduce the OverlayManagerService

Add a new system service to manage Runtime Resource Overlays. This will
offload the PackageManagerService and allow administration of overlay
packages while affected packages continue to execute.

Overlays can be enabled or disabled during runtime. Running applications
will re-create their ResourcesImpl objects and restart their activities
via the usual activity life cycle.

The order in which a set of overlays is loaded may also be changed
during runtime. The underlying mechanics are the same as for when an
overlay is enabled or disabled.

When an overlay changes state, e.g. becomes enabled, the
OverlayManagerService will broadcast one of the new intents
android.intent.action.OVERLAY_ADDED, *_CHANGED, *_REMOVED or
*.OVERLAYS_REORDERED.

Clients that wish to read information about overlays for users other
than themselves are required to hold the
android.permission.INTERACT_ACROSS_USERS_FULL permission. This mirrors
the protection level of PackageManager.getPackageInfo.

Clients that wish to change the information are required to
hold the permission android.permission.CHANGE_OVERLAY_PACKAGES.

Each pair of overlay package and corresponding target package is
respresented by a new OverlayInfo class. This class mirrors the
existing PackageInfo class.

Overlay packages are handled per Android user. The data is persisted in
/data/system/overlays.xml.

Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Bug: 31052947
Test: run tests from 'OMS: tests for OverlayManagerService'
Change-Id: I15325e173193df3240b8dc0a58c852fd7a3d5916
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a28071306ec86da664603ff08e74ec7acadbd427 26-Jan-2017 Amith Yamasani <yamasani@google.com> Clear up /data/misc_ce/user folder on delete and reboot

Clean up the folder to avoid leaving residue behind when
a user is removed. This was causing issues with reusing
the userid. Also check on reboot for incomplete cleanup
and remove the folders.

Change-Id: Icd21d2669249d5f87032ef0fe95bad49537fa477
Fixes: 34736064
Test: Manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75a6d9c8759fd92d441ab4a791c637f38db3804b 26-Jan-2017 Calin Juravle <calin@google.com> Merge "Notify DexManager about new package installs"
bcf3b70371a98878bcad088914a886df4217f555 26-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Adding an api for apps to check whether they can install apps"
aef2513c7157a28236d097a81fe74d7ba6b710c9 24-Jan-2017 Suprabh Shukla <suprabh@google.com> Adding an api for apps to check whether they can install apps

Some apps may want to check whether they are trusted to install apps on
the device, so they can prompt the user to go to settings and mark them
as trusted before they do an intensive operation like downloading an
apk.

Test: cts-tradefed run cts -m CtsExternalSourcesTestCases

Bug: 31002700
Change-Id: Icd9d04daa157e6733decba245ec251ce4acd4122
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4e8628157ad0c8c52e74b720eb0328086272ffda 22-Nov-2016 Adam Lesinski <adamlesinski@google.com> Add support for Split APK dependcies

Apps can now declare in their base APK AndroidManifest.xml
that they want to have their split APKs loaded in isolated
Contexts. This means code and resources from the split
get loaded into their own ClassLoader and AssetManager.

<manifest xmlns:android="..."
...
android:isolatedSplits="true"
...

In order to make this more useful, splits can declare dependencies
on other splits, which will all get pulled in to the Context
and run as expected at runtime.

A split declares its dependency on another split by using the
tag <uses-split> in its AndroidManifest.xml:

<manifest xmlns:android="...">
...
<uses-split android:name="feature_split_1" />
...

A split can have a single parent on which it depends on. This is
due to the limitation of having a single ClassLoader parent.
All splits depend on the base APK implicitly.

PackageManager verifies that no cycles exist and that each dependency
is present before allowing an installation to succeed.

The runtime will then load splits based on the dependencies.

Given the following APKs:

base <-- split A <-- split C
^----- split B

If an Activity defined in split C is launched, then the base,
split A, and split C will be loaded into the ClassLoader defined
for the Activity's Context. The AssetManager will similarly be loaded
with the resources of the splits.

A split can be manually loaded by creating a Context for that split, defined
by its name:

Context.createContextForSplit("my_feature_split_1");

All installed Activities, Services, Receivers, and Providers are accessible
to other apps via Intent resolution. When they are instantiated, they are
given the appropriate Context that satisfies any dependencies the split they
were defined in stipulated.

Test: WIP (CTS tests to come)
Change-Id: I8989712b241b7bc84381f2919d88455fcad62161
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d4b8f8b0c963d9a1f5cb6aff11a11195a3df225 24-Jan-2017 Calin Juravle <calin@google.com> Notify DexManager about new package installs

This will update the internal cache so that the secondary dex files of
the new package can be found when loaded.

Test: runtest -x .../DexManagerTests.java

Bug: 32871170
Change-Id: I0cb7158af249feeb01cf578a7544dda978eede9d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1a2928842069da80fe03f0fb88e7d8861815b42d 24-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add an accidentally removed call to update libs"
4fa94da34b0c2b15b68821a694c3eed1e43c058c 24-Jan-2017 Svetoslav Ganov <svetoslavganov@google.com> Add an accidentally removed call to update libs

Disabled system package may define a lib which its
update does not. When the update is uninstalled we
need to upate the libs so ppl can use the lib in
the now restored sys package.

Change-Id: I22e6aafde86838fa76aa74eda8dfe2c528f998aa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5733d9de2ce946789c4d777179eb251cc3526d27 23-Jan-2017 Svetoslav Ganov <svetoslavganov@google.com> Allow shared lib and package name to match

The old package manager implementation was guarding for
shared libs to not match any package name but due to a
bug this was not enfroced and as a result we have apps
where the package and lib match, e.g. GCore. The new
static shared lib support properly enforced the rule
breaking apps. So, this CL relexes the constraint.

Test: CTS test in the topic passes

bug:34598313

Change-Id: I15d22fd1c3a44a27c4b9b8379de3992ae553dd05
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
540dcb222e14522e037fd0c6b69b21f14ac92b24 23-Jan-2017 Todd Kennedy <toddke@google.com> null check

Fixes: 34598376
Test: Manual
Change-Id: Ia2508434f6fada2219c1eea9b05f9101fc4490e3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6788212d17f54475ca9c3dd689a863e031db868f 12-Dec-2016 Svet Ganov <svetoslavganov@google.com> Platform support for static shared libraries

This change adds support for static shared libraries that
emulate static linking allowing apps that statically link
against the same library version to share a common
implementation. A library is hosed by a package in a standard
APK.

Static shared libraries have a name and a version declared
by a dedicated manifest tag. A client uses also a new tag
to refer to the static library it uses by specifying the
lib name, version, and the hash of the signing certificate.
This allows two apps to rely on two different library versions
and prevents impersonation of the shared library by a side-loaded
app with the same package name.

Internally apps providing static libs use synthetic package
name generated from the manifest package name and the library
version. This allows having different "versions" of the same
package installed at the same time.

An application cannot be installed if a static shared lib it
depends on is missing. A used shared library cannot be uninstalled.
Shared libraries can rotate certificates like normal apps. The
versions of these libs should be ordered similarly to the version
codes of the hosting package. Such libs cannot use shared user
id, cannot be ephemeral, cannot declare other libraries, cannot
rename their package, cannot declare child-packages. They must
target O SDK. Also they cannot be suspended or hidden or their
uninstall blocked. Generally, speaking policy regarding code in
static shared libs should be applied to the packages using the
library as it could have just statically linked the code.

We now have APIs to query information about the shared libraries
on the device in general. To clients static shared libraries are
presented as multiple versions of the same package which is how
they are declared and published. Therefore, one can have two
versions of the same package which means we need way to query
for and uninstall a specific version of a package. Also static
shared libs can depend on other static shared libs which are
versioned packages. To ease representation we add the concept
of a versioned package which should be used in the case of
static shared libs.

A client can see only the static shared libs it depends on and
more specifically only the versions it depends would be retrieved
by using the standard package manager APIs. There is a new
dedicated API to get info about all shared libraries which
would provide data about all static shared lib versions. Also
these libraries must use v2 signing scheme.

Test: CTS tests pass

bug:30974070

Change-Id: I4f3d537ee7a81f880950377b996e1d9d4813da5c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aaad776c2ce45b8caf629febea004c08eeebfd94 20-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Merge "Allow system to retrieve persistent preferred activities"
4c0659f5313bcc70be704a3808af9e670f467ee6 20-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Enable background restrictions"
a2b1774d758b58fc5977f631eff76fa21d303906 20-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Grant access to ephemeral metadata"
54df14956eb890bcd92ffa1590705f8b417ccf5b 20-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Disable moving 3rd party apps to internal if not allowed."
42a386b7717300bf6d75cbd3b4f7ad00f294be0d 07-Nov-2016 Christopher Tate <ctate@google.com> Enable background restrictions

Apps that target O+ are always subject to background restrictions.
Legacy apps' background restriction is subject to the OP_RUN_IN_BACKGROUND
app op.

Apps with these properties are exempted from background restrictions:
- persistent process
- currently on the idle battery whitelist
- global whitelist for things like bluetooth services

Bug 30953212

Change-Id: Icc19b2fbc05f40dcf8c3fc4abf718c373dc8d4f6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
022b8eaa1def76dca0ac9b409065588f55c71597 16-Dec-2016 Yao Chen <yaochen@google.com> Disable moving 3rd party apps to internal if not allowed.

ag/1633903 added config_allow3rdPartyAppOnInternal flag to specify
whether 3rd party apps are allowed on internal storage. We need to
respect the flag when moving apps between storages.

Bug: 30980219

Test: Added ApplicationPackageManagertest

Change-Id: I0f8e76467b5071d70f40da28c2087e689c049c06
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e989d00ed1e95be0ccb77c29846ee0b6ac33356 13-Jan-2017 Todd Kennedy <toddke@google.com> Grant access to ephemeral metadata

When an ephemeral application explicitly accesses an
installed application, it grants access to its package
metadata. The ephemeral application effectively stays
hidden if it doesn't explicitly connect to any activity,
service or provider [i.e. implicit connections using
an ACTION_VIEW/CATEGORY_BROWSABLE intent will not expose
its metadata].

Bug: 34123112
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: I7e1680902599b3ada0d4fba5998af30566017051
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e1a774e3590ddaa6533c6855f712f919afbc408b 19-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Follow installd API changes." am: 915f279556 am: 6b662722f0 am: 5e17fe3e8c
am: f52972ad8b

Change-Id: Ib22fb4e87944824a64faf93667181a8bc56098ef
f52972ad8b08310aee9e725f0838d6abdbcd5a2b 19-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Follow installd API changes." am: 915f279556 am: 6b662722f0
am: 5e17fe3e8c

Change-Id: I4b812be109896a3574b1034033c163d8f2872e59
5e17fe3e8c0cd9560c0832a9412b75c107b3c3d6 19-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Follow installd API changes." am: 915f279556
am: 6b662722f0

Change-Id: Ia9406884d17226b10cae21fd2d98eecb9e5e7253
6b662722f01beac91c74862b521c9d5d5bfc5092 19-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Follow installd API changes."
am: 915f279556

Change-Id: Ib362db25a0393e859909e06a00dbb0c655fd4b47
d9fa667e2db634ceedbbb793ab3210cb7b229920 18-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Allow system to retrieve persistent preferred activities

This CL allows system code to retrieve persistent preferred activities
(default intent handlers set by a Device Owner or Profile Owner app).
Settings will use this information to indicate which default apps were
set by the admin.

There is no public PackageManager API. Settings will call via the
IPackageManager interface directly.

Bug: 32692748
Test: Will be CTS-verifier-tested together with Settings

Change-Id: Ibd0a39f13852a9117836ca75cc0882e4cbe0ec1d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9e83cbbc10014b3ed560b3181f594868cd89f9ae 19-Jan-2017 Chris Tate <ctate@android.com> Revert "Enable background restrictions"

This reverts commit 21f778060badb1e78bffde05e8de7662d275003d.

Change-Id: I65586f9739da84fb32b51b0ea166b8288c41d1b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
155873057fa576c0516677acb86e6bf5f586baf8 18-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Enable background restrictions"
21f778060badb1e78bffde05e8de7662d275003d 07-Nov-2016 Christopher Tate <ctate@google.com> Enable background restrictions

Apps that target O+ are always subject to background restrictions.
Legacy apps' background restriction is subject to the OP_RUN_IN_BACKGROUND
app op.

Apps with these properties are exempted from background restrictions:
- persistent process
- currently on the idle battery whitelist
- global whitelist for things like bluetooth services

Bug 30953212

Change-Id: Ib444829a2d222125f64ff19e8218823fa78373f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
36ba022316e61f28581c946fcbb9b7123a14da75 18-Jan-2017 Jeff Sharkey <jsharkey@android.com> Follow installd API changes.

Test: builds, boots, clearing strategy looks sane
Bug: 33965858
Change-Id: Ie5bbb71fb7a464999215c22e5a1fef0c07a620a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4a601f972a9930e26aa2ead8995cc8b97c1844b3 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> DO NOT MERGE ANYWHERE Skip review permissions if package is installed with -g.

Bug: 34193954

Change-Id: Id744fd190ef78e498e635c2ab9936f12d0bbc917
(cherry picked from commit 6130fb741c86d7d4f0f86e3a875c3eca1fe8aa51)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2646571a0ef94401938f067de909d9811594df3a 13-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Ensure correct install reason

When installing a package, we trust the installer to set the install
reason correctly. However, there are cases where we know what the
install reason should be (e.g. install by Device Owner or Profile Owner
should always be recorded as caused by enterprise policy) or we do not
trust the installer (e.g. an ordinary app not acting on behalf of an
enterprise should not be allowed to set the install reason to enterprise
policy).

This CL introduces a fix-up method that enforces these rules.

Bug: 32692748
Test: Manually tested all scenarios; DO case also covered by CTS

Change-Id: I18eb891401c9e38546f823a14f67391c94b22e28
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6130fb741c86d7d4f0f86e3a875c3eca1fe8aa51 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> Skip review permissions if package is installed with -g.

Bug: 34193954

Change-Id: Id744fd190ef78e498e635c2ab9936f12d0bbc917
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e77f180149231ff898f7cfe3f8c66285677dbbed 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> DO NOT MERGE: Propagate revoked permissions in permission review mode am: 4518d0be16
am: 1e3fd31932

Change-Id: I0bb05ec8471c8f4de55ac295650424caaa86748e
1e3fd31932c3726a577289a095cc79f97e25144b 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> DO NOT MERGE: Propagate revoked permissions in permission review mode
am: 4518d0be16

Change-Id: If068f8560868264079b2d867ff3b08234dac9b96
20cf769d96f1a2dae9e99d50f0d3dedc1e92b83f 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> DO NOT MERGE: Propagate revoked permissions in permission review mode
am: 4518d0be16

Change-Id: Id0525c380c7b9aaf8c160b1e4fad24b9b2756a0d
4518d0be1623c8d1925db9d480618f6c46ff1461 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> DO NOT MERGE: Propagate revoked permissions in permission review mode

In permission review mode we represent install permissions for legacy
apps as constantly granted runtime ones since we need to keep per
user flags associated with a permission. We were not propagating
a revoked permission for a legacy app when the later is upgraded to
a modern app when permission review is enabled.

Test: CTS test passes and manual testing worked fine

Bug: 34240393
Change-Id: I32b8ffee89cc034661f8eb5a172dbe2349ea4a18
(cherry picked from commit fe0253b34ec4fdb6afceb11193f29029b524866a)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fff1e744e3f72094e81b01134752d8f48c86d8e5 17-Jan-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Propagate revoked permissions in permission review mode"
fe0253b34ec4fdb6afceb11193f29029b524866a 17-Jan-2017 Svet Ganov <svetoslavganov@google.com> Propagate revoked permissions in permission review mode

In permission review mode we represent install permissions for legacy
apps as constantly granted runtime ones since we need to keep per
user flags associated with a permission. We were not propagating
a revoked permission for a legacy app when the later is upgraded to
a modern app when permission review is enabled.

Test: CTS test passes and manual testing worked fine

Change-Id: I32b8ffee89cc034661f8eb5a172dbe2349ea4a18
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eda5d5183e5bc0fc63027b77b7dfd7d407bf22d6 17-Jan-2017 Jeff Sharkey <jsharkey@android.com> Only persist category hint when actually mutated.

Otherwise we're churning disk.

Test: builds, boots
Bug: 34328134
Change-Id: Iabc485b9ce3644e914240b5de5bcea98d939b2cb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f5bda2874f353106bf86aaba77876590218f89bf 16-Jan-2017 Narayan Kamath <narayan@google.com> Merge "PackageParser: Disable package cache on "eng" builds."
9e0642287e1f6d907356f1724272332f0db7f7af 14-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Merge "Add install reason"
21a2838e3474c7b7918ca638be70aa1c27649117 13-Jan-2017 Narayan Kamath <narayan@google.com> PackageParser: Disable package cache on "eng" builds.

- Catch a wider variety of exceptions from the package parse
stage. Ignore and delete the cache entry if we catch *any*
exceptions from deserializing the parse result.

- Rename the system property pm.boot and not ro.boot, since the
former needs less effort to change back and forth.

- Finally, add a heuristic to wipe caches on non-numbered
userdebug builds when changes to the system partition are detected.

Also re-enable the cache by reverting commit
20274d15d8f40112dd13d01980c210b49f78cda9.

Test: Manual
Change-Id: I7b5b71ac60d8c438398c354be50b207e80550148
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a34f53f61be31b7171d6cbcb12490ee143acffff 11-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Add install reason

This CL allows a reason to be specified when installing a package. The
install reason is a sticky piece of metadata: When a package is e.g.
installed via enterprise policy and an update is then manually
installed or sideloaded, the install reason will remain "policy."
The install reason is tracked separately for each user.

With this CL, two install reasons exist: "policy" and "unknown." Other
install reasons will likely be supported in the future.

Bug: 32692748
Bug: 33415829
Test: Tested manually with "adb install" / "adb uninstall"

Change-Id: I0c9b9e1b8eb666bb6962564f6efd97e41703cd86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
244a63a2d359c1df8fd85291ab336dbf89b91a72 13-Jan-2017 Todd Kennedy <toddke@google.com> Merge "Allow starting ephemeral apps from 'am'"
54b8e5deae9c461ad2c98f7b78154da01c953155 12-Jan-2017 Todd Kennedy <toddke@google.com> Merge "Turn off caching temporarily until we can address some of the issues."
20274d15d8f40112dd13d01980c210b49f78cda9 12-Jan-2017 Todd Kennedy <toddke@google.com> Turn off caching temporarily until we can address some of the issues.

Revert "PackageManagerService: Enable package parse cache."

This reverts commit 6453db68ca47cd9c686142b8eab3c98f51fd19b4.

Change-Id: I88b6e08a64827550abda91df2dc06611cedeab62
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0078e1b777fbd1b8d9e734632185851fee720cc9 12-Jan-2017 Jeff Sharkey <jsharkey@android.com> Add support for fallback categories.

When an app doesn't define a category, look for a fallback category
in a hard-coded list. This change only defines a fallback for a
single package, but device-specific overlays can be used to provide
more detailed fallback lists.

The precidence order is: app manifest > installer hint > fallback

Test: builds, boots, fallback categories work
Bug: 33815939
Change-Id: I1f5ca76fb7e5743a4500c0a1230a754266f34d9e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9bc89af3f1bce8003ee4f93b89a1770d8f5b9cc9 11-Jan-2017 Jeff Sharkey <jsharkey@android.com> Add API for apps to declare their "category".

Upcoming platform features need to cluster apps together into broad
categories to help summarize information to users. (For example,
when presenting battery, network, and disk usage.)

We are tightly limiting the set of categories to keep them easily
presentable to users when summarizing information. This feature is
not designed to be a general-purpose taxonomy, nor should it be
allowed to become one.

Older apps may not have defined a category in their manifests, so
allow the installing app to define a category on their behalf.

Test: builds, boots
Bug: 33815939
Change-Id: I785b882ee7c18072ef47d56e0fc19ad72888e1b7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
44f1b306663f2b9b04934c05dc35640821419c59 10-Jan-2017 Todd Kennedy <toddke@google.com> Allow starting ephemeral apps from 'am'

We previously filtered any ephemeral app if either startActivity or
queryIntentActivities was called from a non-ephemeral app. However,
the system should have access to all activities [ephemeral or not]

Bug: 33458220
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: I381862e3848b2e6f7f7b2612e9cc8977a1e132ab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d90cdb03bdead1b717c714e699ca14f50c9bb97 11-Jan-2017 Calin Juravle <calin@google.com> Do not try to resolve realpath in DexManager. am: b96dba9bad am: b8f31d8a85
am: d86ca1cd25

Change-Id: I6b01cc2af9447ca2d5a871c6e1dd9ccf8d84e640
a9911290edcda9a0e2b6f430e3bc28f91697014f 11-Jan-2017 Calin Juravle <calin@google.com> Record data about dex files use on disk am: 5a9094c1b6 am: dc10a3bdb0
am: ea1c34d45e

Change-Id: Ie9f489ff2ec89e9014eb683e269139ba633762bb
d86ca1cd2503a7554e6a98ce1bff48fdd72eda6c 11-Jan-2017 Calin Juravle <calin@google.com> Do not try to resolve realpath in DexManager. am: b96dba9bad
am: b8f31d8a85

Change-Id: I4b9e9c0781a4db89a49d588bcebb953c6144f5a3
ea1c34d45eacd9d20860b5dee1559be7fbfbfb9d 11-Jan-2017 Calin Juravle <calin@google.com> Record data about dex files use on disk am: 5a9094c1b6
am: dc10a3bdb0

Change-Id: Ife1e626d722ba129cdcb6cd4a8f454cf28ca267c
b8f31d8a854362b2e8c1306a5debbfb31d79453b 11-Jan-2017 Calin Juravle <calin@google.com> Do not try to resolve realpath in DexManager.
am: b96dba9bad

Change-Id: I67aba48784bca9a51f63e47b54c211ba535dd0e4
dc10a3bdb0e07aaa6a093a4f97e536278eb48e19 11-Jan-2017 Calin Juravle <calin@google.com> Record data about dex files use on disk
am: 5a9094c1b6

Change-Id: I50378b1351a5ae83ac55f1b26e2e0c5f3230c6d2
619d6282c3c263672113efee8e1e386de480e119 11-Jan-2017 Treehugger Robot <treehugger-gerrit@google.com> Merge changes I5b94a8f0,Ie6cdd846,Ie6b5f5e6,Ib962edf6,I9d779b2d, ...

* changes:
Add an extra debug flag to BackgroundDexOptimizer
Some refactoring in BackgroundDexOptService.
Do not try to resolve realpath in DexManager.
Log DexManager realpath errors only in debug mode.
Record data about dex files use on disk
Add logic for recording dex files use on disk
b96dba9badc18f1c831c0c83ff7934f6aaf4f51c 22-Dec-2016 Calin Juravle <calin@google.com> Do not try to resolve realpath in DexManager.

PM should already provide the real path of the application directory.

Test: runtest -x .../DexManagerTests.java

Bug: 33807524
Bug: 32871170

(cherry picked from commit c066205cea051c6d9f386188b9cb426c03dbee2d)

Change-Id: Ie6b5f5e61d08710e7ef7d3149b7b13cc7d03a242
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5a9094c1b6e5797327674d4f12fa1ac4ade7275c 16-Dec-2016 Calin Juravle <calin@google.com> Record data about dex files use on disk

Add DexManager to keep track of how dex files are used.

Every time a dex file is loaded, PackageManager will notify DexManager
which will process the load. The DexManager will look up what package
owns the dex file and record its use in package-dex-usage.list (through
PackageDexUsage).

Test: device boots, package-dex-usage.list is created and contains valid data, after device reboot the list is succesfully read from disk.
runtest -x .../PackageDexUsageTests.java
runtest -x .../DexManagerTests.java

Bug: 32871170

(cherry picked from commit b8976d8f22fecaa9ed39276d9d8ded17d35b51a6)

Change-Id: I9d779b2d39814d7c54fc7a888df93d403a001df5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bd439dcef072fd9a853a6bc9055cfa347ad7c969 10-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Methods to calculate user and external disk usage." am: 6a9ad14172 am: 7beb2b75a9 am: 669affdb8e
am: 91b91b7f86

Change-Id: I7859db9f53560ad602bb26f37854bdfc02f15d09
91b91b7f86d890ef4c0210b1dfb78e2aa3a7dc10 10-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Methods to calculate user and external disk usage." am: 6a9ad14172 am: 7beb2b75a9
am: 669affdb8e

Change-Id: I698dd15a397f16dd2358729362860443f7e81a33
669affdb8e70043e3ecb8274251f609cb529bbf0 10-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Methods to calculate user and external disk usage." am: 6a9ad14172
am: 7beb2b75a9

Change-Id: I236eb3357b597cac26f5234a72551a471919a411
7beb2b75a92c22a6bfcc9caeece737e4ea0fd562 10-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Methods to calculate user and external disk usage."
am: 6a9ad14172

Change-Id: Ie4ab045a5425b35ce1bdd245f7c6ab248c796df2
82ca90171fdd5b76f58225bacbf9939a76350712 09-Jan-2017 Jeff Sharkey <jsharkey@android.com> Methods to calculate user and external disk usage.

Add method to calculate user disk usage, which will be faster than
making a Binder call for every single appId under a user. Add method
to calculate external disk usage, which uses file extensions to track
usage with "audio", "video", and "images" categories.

Start measuring internal and external storage space separately; new
GIDs are coming in a future CL. Pass down all package names, inodes,
and code paths, since shared UIDs host more than one.

Test: builds, boots, stats are consistent
Bug: 27948817, 32206268
Change-Id: Icbb82a30fe711ef05e9a16bb1dc740dc943a9ddc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f7b7ce0c8119bd16ddc4571600b5ca25879da48 09-Jan-2017 Calin Juravle <calin@google.com> Merge "Do not try to resolve realpath in DexManager."
6453db68ca47cd9c686142b8eab3c98f51fd19b4 05-Jan-2017 Narayan Kamath <narayan@google.com> PackageManagerService: Enable package parse cache.

Bug: 30792387
Test: FrameworksServicesTests

Change-Id: I817adea928832993afa6182d0510be8abf38e4bb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c066205cea051c6d9f386188b9cb426c03dbee2d 22-Dec-2016 Calin Juravle <calin@google.com> Do not try to resolve realpath in DexManager.

PM should already provide the real path of the application directory.

Test: runtest -x .../DexManagerTests.java

Bug: 33807524
Bug: 32871170
Change-Id: I700419157bf5532af6437812b7e0a76f80057022
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5c50e8630164d7d9a1a097f70d2f8bcbf1bd854f 24-Nov-2016 Narayan Kamath <narayan@google.com> PackageManagerService: Implement packageParser cache in ParallelPackageParser.

We save about 2800ms of cold startup time over baseline on a marlin,
and ~1200 ms over the parallel parsing case.

warm cold
---------------
Baseline : 1700ms 4300ms
Parallel : 1400ms 2700ms
Cache : 1000ms 1600ms
Cache & parallel : 900ms 1500ms

Note that further changes will improve the speed of cache processing.

This change also includes support for :
- a flag that been flipped in code (currently set to false).
- disabling the cache via a system property.
- wiping the cache on system upgrades.
- cache versioning.

Bug: 30792387

Test: FrameworksServicesTests
Test: manual timing

Change-Id: I281710c110af5307901dd62ce93b515287c91918
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbc2ef417b5689dc502c52312e99f5dc2fd730a3 03-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Offer to measure disk stats using quotas." am: f8720b95be am: 4b80a4a372 am: 1e1cdbead1
am: 7664e61885

Change-Id: I91c0810aad2ec530650855bcd2f1d25c309717a1
7664e6188574a6a10b5dcb70791b15fe3a8c4707 03-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Offer to measure disk stats using quotas." am: f8720b95be am: 4b80a4a372
am: 1e1cdbead1

Change-Id: Ic00acfb0efb6188a15357322528075d41467310b
1e1cdbead134b55301786c85e8fe5ec8776df061 03-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Offer to measure disk stats using quotas." am: f8720b95be
am: 4b80a4a372

Change-Id: I2ab9a2bd2ff60cafea332998789ad947dda0140b
4b80a4a3727f7f9fc45997fb6c1ac8e708a2bc65 03-Jan-2017 Jeff Sharkey <jsharkey@android.com> Merge "Offer to measure disk stats using quotas."
am: f8720b95be

Change-Id: I56bab3ec4895c232ce8287623827c20f2dbfaaf6
5eb3eb58acf18dd624c477d5b11b45a23aea6261 13-Dec-2016 Jeff Sharkey <jsharkey@android.com> Offer to measure disk stats using quotas.

Now we're getting somewhere! This CL starts measuring disk usage
using quotactl(), which is almost instant and has much lower impact
on flash memory lifetime.

We now grant the per-app cache GID to every launched app, and the
ContextImpl logic that creates cache directories matches the logic
down in installd.

Test: builds, boots, quota stats match manual stats
Bug: 27948817
Change-Id: Ie269a2958ce0e1c17cb74dbfecc791a5c12922cf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ff8d66bbc2fa20b5711becf5e9266a69fbefc2ec 29-Dec-2016 Svetoslav Ganov <svetoslavganov@google.com> Don't allow permission change to runtime

Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.

Test: Added a CTS test which passes.

bug:33860747

Change-Id: Icd2d596d42ae2c6cf569c016d20d9bb9106a29ef
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5b95d07725b629272f202993f3620a7b0f1dd6fb 29-Dec-2016 Svetoslav Ganov <svetoslavganov@google.com> Revert "Don't allow permission change to runtime"

This reverts commit 0f929c53201264da0ae908e349c904f2fa930e29.

Change-Id: I1b86461e352a6a2cf3d32748e06c7d5806937667
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0f929c53201264da0ae908e349c904f2fa930e29 28-Dec-2016 Svetoslav Ganov <svetoslavganov@google.com> Don't allow permission change to runtime

Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.

Test: Added a CTS test which passes.

bug:33860747

Change-Id: I1ccf546f78ee79ff027cb98124be81c8e5265a82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
37d37f0fa9f033d74b3c8d01bd0a0538359e2071 22-Dec-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Settings recovery support"
e080da9ee027fcd030aa92ea26fd0ed9f031674f 22-Dec-2016 Svetoslav Ganov <svetoslavganov@google.com> Settings recovery support

This change allows the system to perform iterative reset
of changes to settings in order to recover from bad a
state such as a reboot loop.

To enable this we add the notion of a default value. The
default can be set by any package but if the package that
set it is a part of the system, i.e. trusted, then other
packages that are not a part of the system, i.e. untrusted,
cannot change the default. The settings setter APIs that
do not take a default effectively clear the default. Putting
a setting from a system component always makes it the
default and if the package in not trusted then value is
not made the default. The rationale is that the system is
tested and its values are safe but third-party components
are not trusted and their values are not safe.

The reset modes from the least intrusive are: untrusted
defaults - reset only settings set by untrusted components
to their defaults or clear them otherwise; untrusted clear
- clear settings set by untrusted components (or snap to
default if provided by the system); trusted defaults - reset
all settings to defaults set by the system or clear them
otherwise.

Also a package can reset to defaults changes it made to
the global and secure settings. It is also possible to
associate a setting with an optional token which can then
be used to reset settings set by this package and
associated with the token allowing parallel experiments
over disjoint settings subsets.

The default values are also useful for experiment (or
more precisely iterative tuning of devices' behavior in
production) as the stable configuration can be set to
the "graduated" safe defaults and set the values to the
experimental ones to measure impact.

Test: tests pass

Change-Id: I838955ea3bb28337f416ee244dff2fb1199b6943
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1bf4a521443543779afbf540709244eb1c736bea 21-Dec-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Revert "Settings recovery support""
457608986ca2e44cbe1677523d1892f1d8c8f985 21-Dec-2016 Fyodor Kupolov <fkupolov@google.com> Revert "Settings recovery support"

This reverts commit aa31697424064f823019c068d66fac704e5a2fc1.

Fixes: 33799277
Change-Id: I438e97c6a81512c673f20f6a01d3b9715c2dbf8a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e83feea26acbeb61de0daa8b0d1076eb662e7b09 21-Dec-2016 Calin Juravle <calin@google.com> Merge "Record data about dex files use on disk"
5be781d874198ed476da31e800a1354c826ca689 21-Dec-2016 Calin Juravle <calin@google.com> Merge "Report non-primary dex files loads to PM" am: f23ea2ca62 am: 78b3889804
am: 9947e79b26

Change-Id: I8ddb7756c0690584343cb026a298bc5f0b8d4e27
9947e79b263dbefcd760e0014d088db65f16eecd 21-Dec-2016 Calin Juravle <calin@google.com> Merge "Report non-primary dex files loads to PM" am: f23ea2ca62
am: 78b3889804

Change-Id: Iaf17def2729170403fa61ce0e09ced4675a47191
78b388980445b6b35f41b5b1d45ad1dba2ada632 21-Dec-2016 Calin Juravle <calin@google.com> Merge "Report non-primary dex files loads to PM"
am: f23ea2ca62

Change-Id: I5eb9f8c8bc7e66c074adb95ad5dfec412cec539c
f23ea2ca62e2e652004f538e55282c140c3813a4 21-Dec-2016 Calin Juravle <calin@google.com> Merge "Report non-primary dex files loads to PM"
aa31697424064f823019c068d66fac704e5a2fc1 07-Nov-2016 Svet Ganov <svetoslavganov@google.com> Settings recovery support

This change allows the system to perform iterative reset
of changes to settings in order to recover from bad a
state such as a reboot loop.

To enable this we add the notion of a default value. The
default can be set by any package but if the package that
set it is a part of the system, i.e. trusted, then other
packages that are not a part of the system, i.e. untrusted,
cannot change the default. The settings setter APIs that
do not take a default effectively clear the default. Putting
a setting from a system component always makes it the
default and if the package in not trusted then value is
not made the default. The rationale is that the system is
tested and its values are safe but third-party components
are not trusted and their values are not safe.

The reset modes from the least intrusive are: untrusted
defaults - reset only settings set by untrusted components
to their defaults or clear them otherwise; untrusted clear
- clear settings set by untrusted components (or snap to
default if provided by the system); trusted defaults - reset
all settings to defaults set by the system or clear them
otherwise.

Also a package can reset to defaults changes it made to
the global and secure settings. It is also possible to
associate a setting with an optional token which can then
be used to reset settings set by this package and
associated with the token allowing parallel experiments
over disjoint settings subsets.

The default values are also useful for experiment (or
more precisely iterative tuning of devices' behavior in
production) as the stable configuration can be set to
the "graduated" safe defaults and set the values to the
experimental ones to measure impact.

Test: tests pass

Change-Id: I8c23b145d4f8ee0de2f29dedaa4641ac59343d6a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5115103fcc6e1dc352ff002f6eb6b5c982f17d9 20-Dec-2016 Chad Brubaker <cbrubaker@google.com> Merge "Require targetSdk >= O for ephemeral installs"
83dcc26065ce6f5b846c10edf08473c79ecb8a7b 20-Dec-2016 Tony Mak <tonymak@google.com> DO NOT MERGE: Cross profile candidate should be considered
am: ff11122ddc

Change-Id: I9de28d980021579d70d85193b1994ddca042d4fa
ff11122ddc170ef6583f39c2402d802941e1fab4 02-Nov-2016 Tony Mak <tonymak@google.com> DO NOT MERGE: Cross profile candidate should be considered

Bug: 32547783

Fixed the regression introduced in 8e2d9d1d9050e93b15c54e992698325c7d4aa57c

Test: Manual test - Open a map link in work calendar, personal map is shown as an option.

Change-Id: If5651b5e09cf1916813e8f91dbdcdf53f9119ef2
(cherry picked from commit 9f2c93663c2de84f958eebef96a98458ebaf51a9)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e9ff480804b82ca8768ebca6d07c52c95a622e67 20-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Remove ~1/3 of the installd calls at boot." am: 5bc305b97c am: d948865e27 am: e36f449c90
am: bdf62c82c8

Change-Id: Iae00facaf7131c24e0480e909d7386b8ad64e6d1
bdf62c82c8b2c3f8970301bd225979d3d8a389ba 20-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Remove ~1/3 of the installd calls at boot." am: 5bc305b97c am: d948865e27
am: e36f449c90

Change-Id: I818578f22a8988a141636694ae3811ad2d45f52e
e36f449c905c7cb46eda6e6f9177f2cd5d8bd6f3 20-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Remove ~1/3 of the installd calls at boot." am: 5bc305b97c
am: d948865e27

Change-Id: Iaf9d7f9a3f7d2fd34a11ec2ee80d849fc7dd0078
d948865e276cde672649ff95b7736a71366c4949 20-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Remove ~1/3 of the installd calls at boot."
am: 5bc305b97c

Change-Id: Ia6af8d920971118f108320d08b15cbe3da59b28a
1c6f72397320c8e4aeb34d55429ee62e2acd432a 20-Dec-2016 Jeff Sharkey <jsharkey@android.com> Remove ~1/3 of the installd calls at boot.

When preparing CE storage for an app, we always perform a second call
to extract any newly created CE directory inode. Let's simplify this
and just return the inode number from the createAppData() call.

Test: builds, boots, reads CE inodes after wipe
Bug: 33463450
Change-Id: I9b73da576800b56d7d0961dd4deb0b6a546acbe7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b8976d8f22fecaa9ed39276d9d8ded17d35b51a6 16-Dec-2016 Calin Juravle <calin@google.com> Record data about dex files use on disk

Add DexManager to keep track of how dex files are used.

Every time a dex file is loaded, PackageManager will notify DexManager
which will process the load. The DexManager will look up what package
owns the dex file and record its use in package-dex-usage.list (through
PackageDexUsage).

Test: device boots, package-dex-usage.list is created and contains valid data, after device reboot the list is succesfully read from disk.
runtest -x .../PackageDexUsageTests.java
runtest -x .../DexManagerTests.java

Bug: 32871170
Change-Id: If5496c3b95820b537260c326d4eaa04eb50b1d8c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9abb501075b1309ff6d238e42fc8cc87ce5c3bdf 23-Nov-2016 Calin Juravle <calin@google.com> Report non-primary dex files loads to PM

Scaffold for the reporting of non-primary dex files loads to the package
manager.

This will enable:
1) monitoring and compilation of secondary dex file
2) better way to track foreign dex file usage (used to determined the
compilation filter of apks).

Test: device boots
Bug: 32871170

(cherry picked from commit 8d2a51f1b8fc35a1d4fda6b6cdfdf2754f1e1211)

Change-Id: I61e65aee471798fbc7a18938647051274c3a058a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12e15a9c22cbd46e8d18b947b1b3434d5a27df8f 19-Dec-2016 Calin Juravle <calin@google.com> Merge "Report non-primary dex files loads to PM"
c309058efdda3ad5119b1f4a71f4ef51d46eb89d 16-Dec-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "fix leaky apps"
d5f7e30505c351f3db58f791382240d6dece4dec 16-Dec-2016 Todd Kennedy <toddke@google.com> fix leaky apps

We leak installed app information if either the package or component
are specified in the query intents.

Bug: 25119046
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.EphemeralTest
Change-Id: Ide2bc83889cc90bb56b5e13a8c3ddc1ba1901be7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d2a7a674fb52753a791766428de32e0760e0f832 14-Dec-2016 Jorge Lucangeli Obes <jorgelo@google.com> Remove duplicated code.

Maybe the result of a bad merge? The removed section is identical to
the section above.

Bug: None
Test: Marlin builds, boots.
Change-Id: I588f60e60eb89adc606bd433e835caea029c8a72
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8d2a51f1b8fc35a1d4fda6b6cdfdf2754f1e1211 23-Nov-2016 Calin Juravle <calin@google.com> Report non-primary dex files loads to PM

Scaffold for the reporting of non-primary dex files loads to the package
manager.

This will enable:
1) monitoring and compilation of secondary dex file
2) better way to track foreign dex file usage (used to determined the
compilation filter of apks).

Test: device boots
Bug: 32871170
Change-Id: Ib0fe076af2c734dd054f092247a1ec7e2a74a70d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d1c710d5cff55b632e91d95cdba158bbc3879bc8 14-Dec-2016 Michal Karpinski <mkarpinski@google.com> DO NOT MERGE [DPM] Management and retrieval of network logs
am: 4c47adef60

Change-Id: I39486c9d6116023f1ee9bd576b7fcd0fe20023a1
4460839e5ce43777e7f32841e4ab2e2ce0008257 13-Dec-2016 Ivan Podogov <ginkage@google.com> Finish resolving conflict from d23dc17

Test: Treehugger
Change-Id: If7fa9f7e300f3d810e41447369ccbbfbc3963b94
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b42bee9d8ac10525b68c01e1a34c05bd7999382b 12-Dec-2016 Chad Brubaker <cbrubaker@google.com> Require targetSdk >= O for ephemeral installs

This ensures that platform and security features that are gated by
targetSdk are all enabled for ephemeral apps.

Test: adb install --ephemeral succeeds for CUR_DEVELOPMENT, fails for
N_MR1

Change-Id: I41b9ccc4995ba07d9a0c11b2918fa24c71892330
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
903d6414e51ace98fa67fb5bf6f103ff9e4303d5 13-Dec-2016 Ivan Podogov <ginkage@google.com> resolve merge conflicts of b1e2da7 to nyc-mr1-dev-plus-aosp

Test: build police
Change-Id: Ifec1ab6760ebb94b0b411c9c60f07066e151206b
4c47adef60ca0326bdbe124dfdd335382e5c0787 12-Oct-2016 Michal Karpinski <mkarpinski@google.com> DO NOT MERGE [DPM] Management and retrieval of network logs

This CL follows up on ag/1530343 and adds:
1) Various network events.
2) Retrieval method in DPM and APIs in DeviceAdminReceiver.
3) Extension of NetworkLogger and it's NetworkLoggingHandler.

Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java
Bug: 29748723
Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
72d633f430264181baf93f3344dfbcf269cd7c62 12-Dec-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Scope package manager queries for ephemeral apps"
c2ac5bde6f6e9cc95a476a2404f020246516ccfc 30-Jun-2016 Svetoslav Ganov <svetoslavganov@google.com> DO NOT MERGE Add Bluetooth toggle prompts - framework

If permission review is enabled toggling bluetoth on or off
results in a user prompt to collect consent. This applies
only to legacy apps, i.e. ones that don't support runtime
permissions as they target SDK 22.

Also added a configuration resource which controls whether
permission review mode is enabled. By default it is not and
an OEM can change this via an overlay. For now we also keep
the old mechanism to toggle review mode via a build property
which is still used and will be removed when clients have
transitioned.

bug:28715749
Change-Id: I77bca2305f9d0f20034b2c8fc5b58e0565d5e617
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7bc3a70966f17bf16acbf4fe640dab0698866d72 08-Dec-2016 Todd Kennedy <toddke@google.com> Scope package manager queries for ephemeral apps

Ephemeral apps can only see their own components or those components
exposed via the "visibleToEphemeral" XML attribute.

Normal apps can only see other normal apps. There is no way to expose
ephemeral components to normal apps.

Bug: 33458220
Test: Manually install ephemeral/normal apps and ensure they can only see appropriate components
Change-Id: I6ae65fd2a6ddc9aa9691f02cd55d4953048966b0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c5b56942024a3211234cf35fed44e3e732143947 11-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge commit '7797e545239e81a9216994527badcc98178ebfcc' into dec10

Change-Id: I430a39241bd2d278eaf1e01b89be3ad368789f6d
9ff67746e60ce9e49d7c21e2af087c081873c544 11-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Final push of installd to Binder; goodbye socket!" am: 1950377f91
am: 104fd011b2

Change-Id: I4b2ae2329e8842def8682199c5ee8544c22c2be4
740f523b2571d1c4eb4a954e1faedea45dd7fa53 09-Dec-2016 Jeff Sharkey <jsharkey@android.com> Final push of installd to Binder; goodbye socket!

Move last two straggling installd commands to Binder and destroy the
socket-based communication channel forever.

Test: builds, boots, apps install fine, pre-OTA dexopt works
Bug: 13758960, 30944031
Change-Id: I9afb9f71858febde34a94f53839b2986493b68a0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d0bbd01e93fc716aa4c51bc5d0ad4c0889ccd1b 09-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Prepare to move dexopt calls to Binder." am: d7b144a5e9 am: 35cbe8ffb0 am: 41d75809aa
am: 67c8b01f4d

Change-Id: I1a746e34856b8fa1471ccacd3a8bde1d06866679
41d75809aaeb27da5f0157b202a713f19414de56 09-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Prepare to move dexopt calls to Binder." am: d7b144a5e9
am: 35cbe8ffb0

Change-Id: Ice3c37568ae7185dfe028d3019abf5204aa93963
c98c7bccdccbff1ceeda501e6a6f8c21d61649ca 07-Dec-2016 Jeff Sharkey <jsharkey@android.com> Prepare to move dexopt calls to Binder.

Since InstallerConnection is about to be replaced by a new installd
Binder interface, this change moves OtaDexoptService to override and
manually cook up the 'dexopt' command line that it expects to collect
from PackageDexOptimizer.

Since OtaDexoptService is designed to be run in isolation, add a new
mode to Installer which ignores calls that aren't being intercepted.

Also moves to a single dexopt() method instead of having overloads.

Test: builds, boots, fake OTA works
Bug: 13758960, 30944031
Change-Id: I3a6a115289f1542d6df3e2993b9720118b7d1e8d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cad7eb9c930da219fcdc61ff57bc6f6796e7874a 26-Oct-2016 Svetoslav Ganov <svetoslavganov@google.com> Don't accidentally delete renamed packages

Apps on the system image can change their package by declaring
their old one in the manifest. If a package is renamed it is
internally referred by its old name.

The reconciliation code was using the new package name for
renamed packages and was concluding the apk is orphaned thus
deleting it. This puts the package in a bad state where the app
is gone and the version on the system partition is disabled.

Also Play was showing an update for a renamed system app as
an install while it is an update because of the same reason,
it was using the new package name while the app is internally
referred by the old one.

The fix for both above is to internally normalize the package
name by using the old one if the package was renamed or the
package name as is.

Test: With the fix put the old calculator on the system image
and booted, then put the renamed calculator and booted, updated
calculator from play and rebooted - calculator keeps working.
Also did the above steps without the patch to put calculator
in a bad state and flashed the system with the patch which
fixed the broken calculator app.

bug:32321269

Change-Id: I98bfc05c399edfc9854ebcce44182fefa55ceeff
(cherry picked from commit e2c85890ac3941525288e08962b33d30618de801)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
17e9b4be4609a9b68eeba6a2c5d3da79afc6c65d 08-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Yet another set of installd Binder methods." am: c69b210ec8 am: e5617f5d16 am: 75bede2227
am: f7a57d613d

Change-Id: I16e412c92eb87728c512c39b2c197b5c6d6179e5
75bede2227fae5e122a24f4fab316aca386ec9fb 07-Dec-2016 Jeff Sharkey <jsharkey@android.com> Merge "Yet another set of installd Binder methods." am: c69b210ec8
am: e5617f5d16

Change-Id: I967af3436f4ab66663bddbadf07561c4a7411b38
811825a582812e51412fee5d712259502a7f023b 06-Dec-2016 Chad Brubaker <cbrubaker@google.com> Add proto fields for READ_PHONE_NUMBER

Test: m
Change-Id: Ifc8c9eed3af6baa405714cda664cc9dc60969cb9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c24fa029bf9a2ee3c3657cb598e1595262ad2eeb 07-Dec-2016 Jeff Sharkey <jsharkey@android.com> Yet another set of installd Binder methods.

Pretty straightforward refactoring.

Test: builds, boots, apps install fine
Bug: 13758960, 30944031
Change-Id: Ide533a04e1e31475a16046722f48b1934d8cacd3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7f468a98f4e52a79dd13ae0489c8082b843855df 06-Dec-2016 Chad Brubaker <cbrubaker@google.com> Add READ_PHONE_NUMBER to the list of dangerous permissions.

Test: system_server no longer crahes when granting READ_PHONE_NUMBER
Change-Id: I45f66df9b9723a54ca7d1d29eac606136134d80a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
784c9deeb4f58169a9d904bcc71fbc58a21fd104 05-Dec-2016 Chad Brubaker <cbrubaker@google.com> Merge "Ignore permission and permission-group in ephemeral apps"
243344108da7c5733422a39f2eb5d59ae7acded1 02-Dec-2016 Chad Brubaker <cbrubaker@google.com> Ignore permission and permission-group in ephemeral apps

Ephemeral apps should not be defining permissions or groups that can be
seen on impact the rest of the system. They are ignored instead of
treated as an error to allow installed ephemeral apps to include them.

Test: Verified that permissions and permission-groups are ignored for
adb install --ephemeral

Change-Id: If5a3fee09916d12de7f6a1bc153937bf278f0360
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b1e2da7c24613ce393bca871069d379cd4378c26 30-Jun-2016 Svetoslav Ganov <svetoslavganov@google.com> Add Bluetooth toggle prompts - framework

If permission review is enabled toggling bluetoth on or off
results in a user prompt to collect consent. This applies
only to legacy apps, i.e. ones that don't support runtime
permissions as they target SDK 22.

Also added a configuration resource which controls whether
permission review mode is enabled. By default it is not and
an OEM can change this via an overlay. For now we also keep
the old mechanism to toggle review mode via a build property
which is still used and will be removed when clients have
transitioned.

bug:28715749

Change-Id: I94c5828ad6c8aa6b363622a26ff9da4fc2e2fac7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d1fd8d09163566d2c7eb72037f63b6404ada642 12-Oct-2016 Amith Yamasani <yamasani@google.com> Secure MATCH_UNINSTALLED_PACKAGES across users

Introduce a new internal flag MATCH_ANY_USER for genuine uses
of searching through all apps on the device.

Some temporary accommodations for Launchers that reach across
to the work profile until we have a new LauncherApps API to do
that officially.

Bug: 31000380
Test: CTS tests added
Change-Id: I2e43dc49d6c2e11814a8f8d1eb07ef557f31af34
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd4f73c76c867e572f5a48b5516fb1f20959caf8 30-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Support disabled/log/enforce in ro.control_privapp_permissions"
d072d1415452abffd55a5742e3fef5abdaadf791 30-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Support disabled/log/enforce in ro.control_privapp_permissions

Possible values:
- disable - the feature is completely disabled - signature|privileged
permissions are granted automatically without logging. Default behavior
- log - log grants of signature|privileged permissions to privileged apps
that were not whitelisted in /etc/permissions/privapp-permissions.xml.
- enforce - enforce that only whitelisted permissions are granted.
Only devices with ro.control_privapp_permission=enforce will pass CTS tests.

Test: Manual - device boots, permissions are granted
Bug:31008485
Change-Id: I24e0c75d2efc326c9fbec35efc92489313667212
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e16a8abd7c6cdfbb220709e9775ddb25ca10389c 29-Nov-2016 Todd Kennedy <toddke@google.com> Don't tie ephemeral resolver/installer

The ephemeral resolver and installer can now be added at separate
times. It will be possible to replace the installer dynamically.

Bug: 33073532
Test: Manual. Verify the installer and resolver are set correctly with different configurations.
Change-Id: I8071de8c5baadd03c9eb3e756ed7445d2116d51f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
36f97300ac462dcf78d225e1db03745bd6246bf0 30-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Require INSTALL_PACKAGES permission"
6fc01e0483969c29470fc94045302be19a1c3ceb 29-Nov-2016 Philip P. Moltmann <moltmann@google.com> Merge "Create actions for permission and log revokations"
bdcdeb4cc470130db9ddb7abe7763c2170755e22 22-Nov-2016 Narayan Kamath <narayan@google.com> PackageManager: Avoid unnecessary calls to derivePackageAbi during boot scans

In most cases, we can safely use the values from package settings instead.
We do the work when we're in the middle of an upgrade or the first boot,
since we have no choice.

This saves about 200-400ms on package manager startup on a freshly wiped
device with no app installs. Savings are likely to grow linearly with
the number of installed apps.

Bug: 22063656
Test: make + manual testing.

Change-Id: I1b2bdc4df45f334620c1fb94d78276f0095d5ff8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0d8f4b75a5f41a3455a28839f0cff481bb6be53f 09-Nov-2016 Philip P. Moltmann <moltmann@google.com> Create actions for permission and log revokations

grants, denials and requests are logged in the package installer

Test: Revoked some permissions via settings and looked at event log.
Change-Id: I9a4ade82b68293f8aa9732c9ca288d37e9a7f611
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd6f4fb264d56726cd0e2fed731ad60bbe4aa06f 18-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Parse packages in parallel

Introduced ParallelPackageParser. Parsing requests are processed by a
thread-pool (currently 4 threads). At any time, at most 10 results are kept
in RAM. This is enforced by the blocking queue.

scanDir has become a two-stage process:
1) Collects files for parsing and submit them to the parallel parser
2) Sequentially take elements from the parsing queue and process them by
calling scanPackageLI (as before)

Test: manual - device boots, all packages are parsed
Test: ParallelPackageParserTest passes
Bug: 30792387
Change-Id: I07a64da4d83e355b2b1f1ab350e6d8087dfd2feb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84e347f01fa3a0675c3a8d6cc973228a4563b20d 24-Nov-2016 Narayan Kamath <narayan@google.com> PackageManager: Fix incorrect usage of flags.

assertPackageIsValid was checking policyFlags (which are PackageParser
parseFlags) for flags defined in the SCAN_* values. This was always
subtly and non-visibly broken, but turned into a full scale breakage
when change 5b29ecad4856622422eb903e34499506b2fb3e93 was merged, and
one of the flags that *happened* to have the same value in the PARSE_
and SCAN_ flagset changed.

Test: make, boot, update system app, update playstore app.
Bug: 33124572
Bug: 33126202

Change-Id: I482f420b2a9c8af38b17d174f1a2ec36c762f58e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5b29ecad4856622422eb903e34499506b2fb3e93 22-Nov-2016 Narayan Kamath <narayan@google.com> PackageManager: Remove obsolete SCAN_NO_PATHS / SCAN_DEFER_DEX flags.

SCAN_NO_PATHS hasn't been used in the past several years, and was
introduced to deal with ASEC containers, and those are now handled by
DefaultContainerService.

SCAN_DEFER_DEX has been made obsolete by the JIT work we've done in N.

Test: make & boot
Change-Id: Ib2ffa8bd3c31d645a7efc5d78b03ca0774590f07
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b1df48d32632d0ba5a2389fb9fad2943dcb55562 23-Nov-2016 Baligh Uddin <baligh@google.com> Merge remote-tracking branch 'goog/cw-f-dev' into fix_merger

Bug: 32849428

* goog/cw-f-dev: (98 commits)
Revert "Catch KeyStoreException for setting profile lock"
Fix createConfirmDeviceCredentialIntent for wear for CTS.
Fix default dialog background colour for watch devices.
Catch KeyStoreException for setting profile lock
Add cross-links between FINE and COARSE location permissions. bug: 25371600
Fixed a bug with the emergency affordance in multi user
Zygote: Additional whitelists for runtime overlay / other static resources.
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Zygote : Block SIGCHLD during fork.
colors: add missing accent_material_{700,50} resources.
Import translations. DO NOT MERGE
Import translations. DO NOT MERGE
Zygote : Block SIGCHLD during fork.
DO NOT MERGE ANYWHERE Revert "DO NOT MERGE ANYWHERE libhwui: make setSurface asynchronous"
...

Change-Id: I63468da5bfa21ed9ac5985bbdbf3a61d4c389aa0
08a04878b0d6ed4c661330751ac253c0b18ef537 22-Nov-2016 Todd Kennedy <toddke@google.com> Require INSTALL_PACKAGES permission

Although it's not technically necessary for the ephemeral installer
to hold the INSTALL_PACKAGES permission, it leads to a pretty
poor experience -- the user has to confirm ephemeral installation --
which is a primary reason for ephemeral apps.

Change-Id: Ic3f947d677964521cd4742f66c1c3fe808c4c55a
Fixes: 33073519
Test: manual; installed packages w/ and w/o INSTALL_PACKAGES and only the apps with INSTALL_PACKAGES were made the installer
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e12f413d40e55da3d8a964740bc2aa9899c622b 17-Nov-2016 Todd Kennedy <toddke@google.com> Merge "Implement 2-phase resolution"
c41c889b3e9c801c5c2af025f42296bd99866409 16-Nov-2016 Chad Brubaker <cbrubaker@google.com> Merge "Use a 16 byte random suffix for installed apk directory name"
de4355dd590b3d0b5d0355d70da1231af31c5b54 16-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Log when priv permission is not whitelisted"
b633f9d01f484d1a17ebfcd5aa4d6000dff53773 16-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Log when priv permission is not whitelisted

Log violations for now, we will start enforcing it later.

Test: Manual - device boots
Bug: 32935038
Bug: 32935364
Change-Id: I1957c334f98852a5a87e093e24c72dd2c223c08b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5e10e8f1b2126f031b976b853c3f150418f3b342 09-Nov-2016 Chad Brubaker <cbrubaker@google.com> Use a 16 byte random suffix for installed apk directory name

This prevents apps (both normal and ephemeral) from learning what
applications are installed by checking for the existence of
/data/app/com.example.package-1. /data/app and /data/ephemeral-app are
already 771 and so cannot be ls'd but because the directory names are
guessable it is still possible to learn if known packages are installed.

Apps can still learn if a package is installed and where via the
standard APIs but not by directly using the filesystem. This is
important for ephemeral apps since normal apps should not be aware of
installed ephemeral apps (unless needed) and ephemeral apps shouldn't be
aware of other ephemeral apps.

Test: adb install --ephemeral, verify the code directory has random
suffix
Test: runtest -c android.content.pm.PackageManagerTests frameworks-core
Test: cts-tradefed run commandAndExit cts -m CtsAppSecurityTestCases
Change-Id: Id4883f5cfb9664307cf8518e2db3fef0e2d632d0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
26c48fac73cce07d0a41c567e97d9d3f02d3a5d3 16-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge changes I99813278,I6285042b

* changes:
Fix copypasta error.
Aggressively clear cached data when forgetting.
b501ef1e21e4314aa1177b6d59294b2b18d7d2a0 15-Nov-2016 Jeff Sharkey <jsharkey@android.com> Aggressively clear cached data when forgetting.

Otherwise the system server risks keeping open FDs to an adopted
storage device that could later be ejected.

Test: builds
Bug: 31596654
Change-Id: I6285042b4f0714dbf601c7dfa53efb704ea29d0b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2250d56a0b47b93016018340c8f4040325aa5611 08-Nov-2016 Sudheer Shanka <sudheersai@google.com> Rename MountService to StorageManagerService.

Bug: 30977067
Test: Existing tests pass
Change-Id: Ieac0f11c2b249dcd60441b14c1f391e6f8131d42
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
964d2ebb94c41d2cf1fb45b534e86c10e0ced3ac 09-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Control privileged permissions for priv-apps

Added support for privapp-permissions config element. It allows to explicitly
control what privileged permissions applications should be granted.

Feature is controlled by ro.control_privapp_permissions property.
Possible values:
- 0/false, the feature is completely disabled - signature|privileged
permissions are granted automatically without logging. *Default behavior*
- 1/true, enforce that only whitelisted permissions are granted. Only
devices with ro.control_privapp_permission=1 will pass CTS tests.

Test: Manual
Bug:31008485
Change-Id: I93a8c2782cc72b3953f32c237086d08d82ac0d5b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
01ad0c7e403794b272494f187d91f57bdfa07c9d 12-Nov-2016 Todd Kennedy <toddke@google.com> Implement 2-phase resolution

Bug: 25119046
Test: build & install the sample resolver and run 'adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://www.tripadvisor.com/Tourism-g33020-San_Jose_California-Vacations.html"'
Change-Id: I624b9028061aad35db80e0d51bfe0a39fb81806c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dc589ac82b5fe2063f4cfd94c8ae26d43d5420a0 11-Nov-2016 Sudheer Shanka <sudheersai@google.com> Update usage of ActivityManagerNative.

- Remove references to ActivityManagerProxy.
- Add isSystemReady to ActivityManager.

Bug: 30977067
Test: cts/hostsidetests/services/activityandwindowmanager/util/run-test android.server.cts
adb shell am instrument -e class com.android.server.am.ActivityManagerTest,com.android.server.am.TaskStackChangedListenerTest \
-w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I07390b6124fb1515821f5c0b37baf6ae74adc8fa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e07641d4fbdd0528c18305213e861a6e1aff4a3b 10-Nov-2016 Dianne Hackborn <hackbod@google.com> Start implementing background restrictions for eph apps.

This implements the additional intended path for checking
allowed background operations, APP_START_MODE_DISABLED, which
doesn't allow an app to launch in the background at all.

Also change the semantics of delivering broadcasts to manifest
receivers to always restrict those, not changing based on
whether the app is currently idle. This is the desired intended
behavior for apps as they explicitly update to work with
bg check.

And now that we have ephemerality associated with the uid state
in the activity manager, we can propagate this through the
relevant callbacks in IUidObserver so things watching these
changes can immediately determine whether they should do their
more aggressive shut down work for the uid rather than having
to walk through all their state looking for package associated
with that uid and whether they should be shut down.

Also remove the "lenient" bg check mode, since that was
just an early experiment that we won't actually use.

Add a new "make-idle" activity manager command to immediately
put a uid into the idle state (if possible) to make it easier
to test.

Test: manually against an eph app
Change-Id: I43a138ff281f69a9251d3f29ab6e13f48cff8ad6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d0ac9d3bac179d2787ebfc11fe0d9c3d7e6d425e 09-Nov-2016 Jeff Sharkey <jsharkey@google.com> Merge "Detect non-oneway calls leaving system_server."
2fb2556833d9f6384004be9cbce4ba8321820909 09-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow shell to enable/disable individual component in test package"
e5195dd17c5e1d8538049a5282c0d988988f63c8 20-Oct-2016 Todd Kennedy <toddke@google.com> Implement new API

This is the first swack at the new, 2-phase API. Adds the new methods
to the resolver service and makes the split name explicit on the
installer intent.

The 2nd phase will not yet be invoked; that's coming in a follow-on
change.

Bug: 25119046
Test: build & install the sample resolver and run 'adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://www.tripadvisor.com/Tourism-g33020-San_Jose_California-Vacations.html"'
Change-Id: I2df6fa64d46f17a86a2e32b19417632c594fb10f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
13810374a47f783e89092a5232f0ac5da21da403 08-Nov-2016 Tony Mak <tonymak@google.com> Allow shell to enable/disable individual component in test package

Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.ManagedProfileTest#testAppLinks_enabledStatus

Bug: 32695379
Change-Id: I0fa22f50f1aa344195b7c6bc1e6ee97879d91c46
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2dc804be11444565e3d1d151c2a693db3ade94c0 07-Nov-2016 Jason Monk <jmonk@google.com> Allow persistent changes to the vendor overlay theme

This allows the overlay being used to be changed without a new build
but still will require a reboot to take effect. Should no longer be
needed once hierarchical resources are in place, and can be removed.

Also fix check in fd_utils to point at correct location.

Test: Manual
Bug: 32721178
Change-Id: I2a63aea0c87791c8eb845d735cb1182716c8174d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0a17db1cc5942ea000ca87bb72853de57a15ec64 04-Nov-2016 Jeff Sharkey <jsharkey@android.com> Detect non-oneway calls leaving system_server.

To protect system stability, any Binder calls leaving the
system_server must carefully be performed using FLAG_ONEWAY (or
the 'oneway' verb in AIDL) which prevents the call from blocking
indefinitely on the remote process.

In this CL, the system_server uses the new Binder.setWarnOnBlocking()
method to enable detection by default for all remote Binder
interfaces. It can also use Binder.allowBlocking() to allow
blocking calls on certain remote interfaces that have been
determined to be safe.

This CL adds the 'oneway' verb to several interfaces and methods
where it should have been added, and marks a handful of system
ContentProviders as being safe to call into. Also, we assume that
any services obtained from ServiceManager are part of the core
OS, and are okay to make blocking calls to.

Test: builds, boots, runs with minimal logs triggered
Bug: 32715088
Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
37ea9a1f02a1247cf0afeab987e7ca460a9eadbf 04-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Send BOOT_COMPLETED when updating system apps"
c200bb7be484c116c0f8ae177a8ff6d41095ff34 03-Nov-2016 Fyodor Kupolov <fkupolov@google.com> Send BOOT_COMPLETED when updating system apps

Previously, when a system app was updated, it wasn't getting
BOOT_COMPLETED broadcast.
sendPackageAddedForUser was extended to support multiple userIds and also
send LOCKED_BOOT_COMPLETED. handlePackagePostInstall is now using the same
method as installExistingPackageAsUser

Test: pm install --user X -r systemAppV2.apk
Bug: 32242899
Change-Id: I75fe955aaf02d0a4c80b3604e3ef82316bf5dbc0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
02e17d27b1d9289059fd18d512ae978f0dfd666e 03-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "[DPM] Management and retrieval of network logs"
fc686becb9851aa009512c285d489d5f8cf209ef 02-Nov-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Cross profile candidate should be considered"
9f2c93663c2de84f958eebef96a98458ebaf51a9 02-Nov-2016 Tony Mak <tonymak@google.com> Cross profile candidate should be considered

Bug: 32547783

Fixed the regression introduced in ag/1243573

Test: Manual test - Open a map link in work calendar, personal map is shown as an option.

Change-Id: If5651b5e09cf1916813e8f91dbdcdf53f9119ef2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f77ee4f1b79929a77f603e5e879f3616ae464e3e 12-Oct-2016 Michal Karpinski <mkarpinski@google.com> [DPM] Management and retrieval of network logs

This CL follows up on ag/1530343 and adds:
1) Various network events.
2) Retrieval method in DPM and APIs in DeviceAdminReceiver.
3) Extension of NetworkLogger and it's NetworkLoggingHandler.

Test: runtest --path frameworks/base/services/tests/servicestests/src/com/android/server/devicepolicy/NetworkEventTest.java
Bug: 29748723
Change-Id: I42a1a477e7c75c109a3982f809c22732b814e8b2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
006b53a68149d22dc8174ed6c46175967e6f0764 31-Oct-2016 Chad Brubaker <cbrubaker@google.com> Merge "Add ephemeral protection level"
c19706a937abc5d025a59b354b3a0d89e7d62805 14-Oct-2016 Chad Brubaker <cbrubaker@google.com> Add ephemeral protection level

Ephemeral applications will only be able to be granted permissions that
have the ephemeral proteciton level, this allows us to tighly define
what behavior is OK for ephemeral applications.

This includes an initial small whitelist of permissions for ephemeral
apps, it may be expanded later.

Test: adb install --ephemeral, verified against both runtime and install
time permissions
Test: cts-tradefed run cts -m CtsPermission2TestCases
Change-Id: I854c44cf7a293d484b674cdd4fb5141e362a2f1a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a81b4c9084ed808feb2a17d0f298ef9decde1d8 26-Oct-2016 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't accidentally delete renamed packages
am: e2c85890ac

Change-Id: Icbd85ddfc76e50553414bd47860370cdc442b796
e2c85890ac3941525288e08962b33d30618de801 26-Oct-2016 Svetoslav Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't accidentally delete renamed packages

Apps on the system image can change their package by declaring
their old one in the manifest. If a package is renamed it is
internally referred by its old name.

The reconciliation code was using the new package name for
renamed packages and was concluding the apk is orphaned thus
deleting it. This puts the package in a bad state where the app
is gone and the version on the system partition is disabled.

Also Play was showing an update for a renamed system app as
an install while it is an update because of the same reason,
it was using the new package name while the app is internally
referred by the old one.

The fix for both above is to internally normalize the package
name by using the old one if the package was renamed or the
package name as is.

Test: With the fix put the old calculator on the system image
and booted, then put the renamed calculator and booted, updated
calculator from play and rebooted - calculator keeps working.
Also did the above steps without the patch to put calculator
in a bad state and flashed the system with the patch which
fixed the broken calculator app.

bug:32321269

Change-Id: I98bfc05c399edfc9854ebcce44182fefa55ceeff
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
93bbe47d650b7b5e48d705257c0bdfa086300549 21-Oct-2016 Jakub Adamek <jakuba@google.com> Change name of overlay subdir 'sku'->'theme' am: 54dcaaba4f
am: 6bbb63ad91

Change-Id: I71dfaafbebaa7bd61d182405c734eef1ea7ff1eb
6bbb63ad91a707c77dd52f0b6caa12a720732ee1 21-Oct-2016 Jakub Adamek <jakuba@google.com> Change name of overlay subdir 'sku'->'theme'
am: 54dcaaba4f

Change-Id: I4536de644c20171e175cddaff0cd041fb05b3038
54dcaaba4fa0392c36864f99b9dc1da9c975a100 19-Oct-2016 Jakub Adamek <jakuba@google.com> Change name of overlay subdir 'sku'->'theme'

The name 'sku' does not fit well as we recommend to use the same
value for different SKUs if vendors wish to have the same colors
on those SKUs.

Bug: 32268656
Change-Id: Ib5e5a3386676453dafeb13a6a6bf91f81bb48a11
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8e33c15f39158f0bf510442b32c24f3bad27918e 17-Oct-2016 Jakub Adamek <jakuba@google.com> Search for RRO in Java both in SKU subdir and in vendor/overlay am: 4a6e246671
am: 845de5aaad

Change-Id: I42d4c39d90e2b885bf7d2f3653db82c16642dbaf
845de5aaad6cf1612183ab36984289edaa283812 17-Oct-2016 Jakub Adamek <jakuba@google.com> Search for RRO in Java both in SKU subdir and in vendor/overlay
am: 4a6e246671

Change-Id: I876e12838c88adb019af73ceff207b6b8bd60c0a
4a6e2466713e50d642b375b621265013d73e5d8e 17-Oct-2016 Jakub Adamek <jakuba@google.com> Search for RRO in Java both in SKU subdir and in vendor/overlay

Currently, if the "ro.boot.vendor.overlay.subdir" property is set, we
only search in the subdir. It seems more powerful to search both in
there and in the standard /vendor/overlay directory.

Also, RRO packages have the "priority" attribute in the <overlay>
attribute in AndroidManifest.xml which serves for disambiguation.

Bug: 32202741
Change-Id: I9ef44b8ca4ac0e92ba02e25b3672c6b274fe4639
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0778401533adba2e084cb04e14f04c2561937c62 11-Oct-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Use the correct flags"
f1c5991a44156e56eae60ef653dacb3e80ba4508 11-Oct-2016 Todd Kennedy <toddke@google.com> Use the correct flags

Change-Id: Ieee49fb238d55ca7db635b18b67dbc2db809133e
Fixes: 32063793
Test: Manually ran the device
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ba039066d817608f0599dd2b8729ae5648699c28 08-Oct-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Allow some packages to be excluded during during work profile creation."
7cb54a34c44547b55200e4be15be397f6a363c55 16-Sep-2016 Sudheer Shanka <sudheersai@google.com> Allow some packages to be excluded during during work profile creation.

Bug: 31657192
Test: adb shell am instrument -e class com.android.server.pm.UserManagerTest#testAddManagedProfile_withDisallowedPackages -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: I37eab6084e0f911d0e2407186b789875588194a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cad623c92005bda8bc9cb7e6ca43c7d92a7df46 06-Oct-2016 Todd Kennedy <toddke@google.com> remove peekPackageLPr

no longer needed, so, removed

Bug: 30219944
Change-Id: I0cf8ef4e8e2abc1d98b1f584ae448f9097095c6d
Test: adb shell am instrument -w -e class com.android.server.pm.PackageManagerSettingsTests com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ff35e661724952664c48282de42d9063a7c7444a 20-Sep-2016 Todd Kennedy <toddke@google.com> Break up scanPackageDirtyLI

Instead of having a single, thousand line method, break it
appart into several hundred line methods. Also, try to bring
order:
1. separate policy
2. separate package validation
3. separate package commit
Also inspect each block of code and determined which code needs
moving [in future changes].

Bug: 30219944
Change-Id: If028f692acf6c259e7140a770d61a717a3e9362d
Test: manual
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
700e1e7ee8e4ed491768a35ed692a4e8f0ff0d4b 28-Sep-2016 Nicolas Prevot <nprevot@google.com> Don't allow the shell to change admin-locked app permissions.

BUG:27432532
Change-Id: I67f8794ea923edb5024033bb2a4474a1fb6d5fd9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9fe3b859919b04a3f3ac10ae974a866e3f20b11c 01-Oct-2016 Jakub Adamek <jakuba@google.com> Search for runtime resource overlays in Java in subdir. am: e9ac5b42d2
am: c78e3d45f6

Change-Id: Ie2c8ff3cc6016e96bc1c9c28106669a344d7246b
c78e3d45f68d2eb25d462901691910216fe447eb 30-Sep-2016 Jakub Adamek <jakuba@google.com> Search for runtime resource overlays in Java in subdir.
am: e9ac5b42d2

Change-Id: Ie574b44a4a374fc0eb4ce500e3463b733331ef97
e9ac5b42d242f9ff679b7ab2ed718163f0f7c799 28-Sep-2016 Jakub Adamek <jakuba@google.com> Search for runtime resource overlays in Java in subdir.

See go/sku-colors. This changes the directory to search for package
overlays if the right system property is defined. This allows
OEMs to specify different resources based on device SKUs.

Bug: 31692079
Change-Id: Ifae9ba03a4db517753ed9226048a7f912150294a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
354736e196ff79962b3ddb52619a674044d773e2 23-Aug-2016 Dianne Hackborn <hackbod@google.com> New infrastructure to switch remaining commands to "cmd" calls.

This introduces a new feature of the IBinder command protocol
to allow the shell command implementation to call back into
its caller to ask it to open files in the calling context. This
is needed so that commands that have arguments specifying files
can open those files as the calling shell, not the system (or
whatever) process.

To test this all out, move the "am start" implementation over
to ActivityManagerShellCommand, in particular along with its
option to specify a file in which to write profiling data.

Test: Manual

Change-Id: I0c1e3857defefbd19a2ac29413aafbb34b1e48a3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1f34323ccdc5fef1337bfea05caee914d6e75207 23-Sep-2016 liulvping <liulvping@xiaomi.com> Merge "Skip uninstalled package for getPackagesForUid()" am: f4c8c3590a am: 659cdfef75 am: fb55d69029
am: e37ed040b1

Change-Id: I3fd671695d4a0e2cc2d1e39164f350104189ca13
6b6ad04934ebd2b151211823f23717e8de9869b6 23-Sep-2016 Jeff Sharkey <jsharkey@android.com> Merge commit '8fb7520a6d7720f69661f6fae9fd868726359dec' into HEAD

Change-Id: I82b4752c4c8f8b0786f470695eac27102761fff7
20cb45c465532dfbe0e597371b60a2a4d754cc71 23-Sep-2016 Todd Kennedy <toddke@google.com> Add remote control of Instant Apps am: d15bb75af6 am: f308ffc915
am: 6f38e68456

Change-Id: I4e2344f16a82008023c63f278bce7e215d0874b8
e37ed040b1eba95765326c933c85f3c98bffcb45 23-Sep-2016 liulvping <liulvping@xiaomi.com> Merge "Skip uninstalled package for getPackagesForUid()" am: f4c8c3590a am: 659cdfef75
am: fb55d69029

Change-Id: Id468596684eb071a477beff2e3e7185ed36cd7a3
6f38e684567c640fb9dbac55e1b3aab2b78c7a95 22-Sep-2016 Todd Kennedy <toddke@google.com> Add remote control of Instant Apps am: d15bb75af6
am: f308ffc915

Change-Id: If7a6884bb896c1bab38c7d0fe963c06125a44c26
fb55d69029320bbb5559a57b3024161815d61f3d 22-Sep-2016 liulvping <liulvping@xiaomi.com> Merge "Skip uninstalled package for getPackagesForUid()" am: f4c8c3590a
am: 659cdfef75

Change-Id: I253117165d33dccc8544587968503f2ef61484c3
7e2bb3e6dd1e016f74d174eb154ef44b72fe4b4c 22-Sep-2016 Jeff Sharkey <jsharkey@android.com> Recursively restorecon when SELinux label changes.

PackageManager has been pretty aggressive about asking installd to
restorecon over app data when it thinks something might have
changed. However, in the vast majority of cases these are no-op
requests, and we waste a bunch of time recursively walking all
private data, easily costing 60+ seconds on dogfooder devices.

This change relies on new installd "create_app_data" behavior that
kicks off a recursive restorecon if it detects that the top-level
SELinux label on the app private data directory changes. This means
that PackageManager no longer needs to track restoreconNeeded state.

Test: booted, verified that a label change triggered restorecon
Bug: 30768146
Change-Id: I0c8d4018cf8ff888d0ae07a82adc3d61a6002aad
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
141594b5ee928f99a9dc08b38f70301ef1e08a0b 22-Sep-2016 Jeff Sharkey <jsharkey@android.com> Recursively restorecon when SELinux label changes.

PackageManager has been pretty aggressive about asking installd to
restorecon over app data when it thinks something might have
changed. However, in the vast majority of cases these are no-op
requests, and we waste a bunch of time recursively walking all
private data, easily costing 60+ seconds on dogfooder devices.

This change relies on new installd "create_app_data" behavior that
kicks off a recursive restorecon if it detects that the top-level
SELinux label on the app private data directory changes. This means
that PackageManager no longer needs to track restoreconNeeded state.

Test: booted, verified that a label change triggered restorecon
Bug: 30768146
Change-Id: I0c8d4018cf8ff888d0ae07a82adc3d61a6002aad
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2527fa3067ce5ccc707203a06f00eea595d05308 06-Jun-2016 liulvping <liulvping@xiaomi.com> Skip uninstalled package for getPackagesForUid()

If a package with sharedUserId had been setInstalled
with false, then the result of getPackagesForUid()
should not include it.

https://code.google.com/p/android/issues/detail?id=212255

Change-Id: I7b984051db34ecc2d0ef9518786d51100ab9ac79
Signed-off-by: liulvping <liulvping@xiaomi.com>
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
973edd19db752483f5958f974068c89fead1371b 09-Sep-2016 Svet Ganov <svetoslavganov@google.com> Don't show account access request UI until app launched.

Sync adapters that don't have account access cannot run until
the user explicitly approves in the UI. This is spammy given
the user may not use the app right away. This change doesn't
show the notificaiton until the app has run.

bug:31162498

Change-Id: I1f4f2d2e9426f78763590e8aa542b94d6e93e488
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdfefdfbcb46ef92bcda5ffb1f9cd8d4774d4059 16-Sep-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "More refactoring"
d15bb75af67df53f7335bdb7d7468f387848d6fe 14-Sep-2016 Todd Kennedy <toddke@google.com> Add remote control of Instant Apps

Bug: 31470039
Test: manual
Change-Id: I82eb47f4d24fb88d0f264eca1176aec55364867c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3cd658e1a598e59738bc129c35eecf4cd0f20680 17-Aug-2016 Todd Kennedy <toddke@google.com> More refactoring

* Break apart getSettingsWithBenefits() into separate methods for creating
new settings and updating settings, etc...
* Add more hooks to test equality of setting clones
* Create tests for each subset of functionality

Bug: 30219944
Change-Id: I1fb3d07bb9279f93ba81ada2ff802989ec2c5965
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bf9751f6ddef6d2a782cb9b0248c2901cb41f3bc 14-Sep-2016 Todd Kennedy <toddke@google.com> enable instant apps am: 7ef97b6624 am: 828c5b8c36
am: b99c4bcb5c

Change-Id: Ie311e03372e3884b9d1676387c6256d96faa36cc
f3a88c353d368dfdccbe5b6824ce5c2037d594d2 14-Sep-2016 Todd Kennedy <toddke@google.com> Add filter ordering am: c2e96d45d2 am: cdda4eed12
am: 792cac6fd6

Change-Id: I94c998b9b32c4e6d3e7162cda4ff8bc7723dd2d9
b99c4bcb5c0bec46f7846554d9914076caeb438f 13-Sep-2016 Todd Kennedy <toddke@google.com> enable instant apps am: 7ef97b6624
am: 828c5b8c36

Change-Id: I825cea93c36ede01c04966c5f74bb1d7cccb37d9
828c5b8c367eb8f21bd5c691b7235287cc204d1c 13-Sep-2016 Todd Kennedy <toddke@google.com> enable instant apps
am: 7ef97b6624

Change-Id: I4a9a5f38380c9b7bd564b451eb358de044aea66a
6b3965a5dfa67daa3c124589864eec867a5a9cbb 13-Sep-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "enable instant apps" into nyc-mr1-dev
7ef97b6624054fff0d712d85336a45eee70bcc3f 09-Sep-2016 Todd Kennedy <toddke@google.com> enable instant apps

Change-Id: I91aca48efe3d2b0a5035ffdcff0d6a893ee515e1
Fixes: 30256615
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c78be8772a88c9c39c3c67a8336fafafbad38a99 10-Sep-2016 Svet Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't show account access request UI until app launched. am: d63cde7ba4
am: 99d29ddf42

Change-Id: I1e6977d2478bf695d9840a72cba6e0e1b600b1e6
99d29ddf42a749c5077c32ba9229cd47b39ae4d0 10-Sep-2016 Svet Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't show account access request UI until app launched.
am: d63cde7ba4

Change-Id: I06a6b98c9c4a1cd67ed155d42cf4fe5149015675
32ce3c8797fd286e3771b05a53d4dcd1f6d2ceda 10-Sep-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "[DO NOT MERGE] Don't show account access request UI until app launched." into nyc-mr1-dev
d63cde7ba4a96d5a07efd48d67e552cadb45d9ce 09-Sep-2016 Svet Ganov <svetoslavganov@google.com> [DO NOT MERGE] Don't show account access request UI until app launched.

Sync adapters that don't have account access cannot run until
the user explicitly approves in the UI. This is spammy given
the user may not use the app right away. This change doesn't
show the notificaiton until the app has run.

bug:31162498

Change-Id: I1f4f2d2e9426f78763590e8aa542b94d6e93e488
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
792cac6fd64039cce523979cd2bbdec55dff74c6 09-Sep-2016 Todd Kennedy <toddke@google.com> Add filter ordering am: c2e96d45d2
am: cdda4eed12

Change-Id: I6c4782393a5f694cba8238a05e60939169bd464f
cdda4eed1219738c79de88eb12b23b0293e56b04 09-Sep-2016 Todd Kennedy <toddke@google.com> Add filter ordering
am: c2e96d45d2

Change-Id: I9bc8994293a45684238c7d1377d30ef8c049ce81
295f5108f1984a4aade683ae73da3b69f0a29cc4 09-Sep-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add filter ordering" into nyc-mr1-dev
0fae3e61717b53bbb64d5446aba546142e98368f 09-Sep-2016 Daniel Nishi <dhnishi@google.com> Fix a bug where the Deletion Helper could not delete packages. am: 26af56d28e
am: 70939124c2

Change-Id: I7600f1c4916d682e6240c00e18a266326eb90bf6
c2e96d45d27ab1465aaef89c1a3161708c714bcd 09-Sep-2016 Todd Kennedy <toddke@google.com> Add filter ordering

Filter ordering allows automatic disambiguation between multiple filters
that matching a pattern. Ordering currently only works for EphemeralResolveInfo
objects.

Bug: 30837021
Change-Id: Ia217218c7c7d159dbd75d7733c45556e690d06d2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
26af56d28ea50f71d59c87e366d708966cc0d1de 25-Aug-2016 Daniel Nishi <dhnishi@google.com> Fix a bug where the Deletion Helper could not delete packages.

Bug: 31096000
Change-Id: I780cf74dc6750110024dcb0008b47879597f0156
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
750aec0ed01d1c9ed6611d90049b0bedbdeaddfc 07-Sep-2016 Calin Juravle <calin@google.com> [RFC] Special case system apps for profile optimizations am: 08313b0d95 am: 788e111cba am: 0bc450ac05
am: f0036acbfd

Change-Id: I494263f25297bcd134bcf1e7101c21e27c61f4f9
f0036acbfd7ccd372e9b8ddbbb0de7bfd5834e04 07-Sep-2016 Calin Juravle <calin@google.com> [RFC] Special case system apps for profile optimizations am: 08313b0d95 am: 788e111cba
am: 0bc450ac05

Change-Id: I18324f1074a8c62002b88810ffcf61cd2efcd21e
4cff287df2ffcf9e5a959dabc8b65961d9a737ae 06-Sep-2016 Andreas Gampe <agampe@google.com> Frameworks/base: Add compiler stats to Package Manager am: 7e619a912c
am: 723bbd880a

Change-Id: Ia02fbf2770aaf4186633421a6c11aa0b95dd8f64
0bc450ac052bc20fa88186adf4401b57f0007866 06-Sep-2016 Calin Juravle <calin@google.com> [RFC] Special case system apps for profile optimizations am: 08313b0d95
am: 788e111cba

Change-Id: I8466811b44b623e23117d6554e69cc80e2c4485f
53ad58b21a56311a3a6380cc6344f91bb424f221 06-Sep-2016 Alex Light <allight@google.com> cp preopted files from B partition during PM init. am: 2b6fc4c92d
am: 0b89b352d4

Change-Id: I7da5e74d61dd82c177bf4ca2a87085317e9973f5
0acdf65c55eec7cf5ff2ee615c35c0709faade70 06-Sep-2016 Jorim Jaggi <jjaggi@google.com> Only show optimizing storage dialog if dex opt dialog was shown am: 2578beccbe am: fd33b0194a
am: 9713b29e3c

Change-Id: I2ce3ec3836dd24e1ba306f9f991435aa196316d4
7e619a912cf6a53ede7d7eea67f8bc8ed1158e24 13-Jul-2016 Andreas Gampe <agampe@google.com> Frameworks/base: Add compiler stats to Package Manager

Add a simple class for storing compiler statistics. Capture compile
times for code paths from a package.

Bug: 29223204
Change-Id: I1b066de6a83a739470a42480eee0bfef88423eea
(cherry picked from commit 37e5fdc6b4963f3533caecdd92b129f79da69dd8)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
08313b0d952b6d5fa6e7ed7e3a5e4a7154a7d2c9 12-Jul-2016 Calin Juravle <calin@google.com> [RFC] Special case system apps for profile optimizations

If the OTA updates a system app which was previously preopted to a non-
preopted state the app might end up being verified at runtime. That's
because by default the apps are verify-profile but for preopted apps
there's no profile.

Do a hacky check to ensure that if we have no profiles (a reasonable
indication that before the OTA the app was preopted) system apps get
compiled with a non-profile filter (by default interpret-only).

Bug: 30032273
Test: Andreas "has verified that Calin's change to A/B works as expected
and promotes things like SystemUI to speed. From my side, that's
ready to be merged"

Change-Id: I7a052a8ea76cab7f649dc993237ea05534d6c4b9
(cherry picked from commit 0bd776207999ccba17e5adb163710bd7b16ac907)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2b6fc4c92deac1572b68f3cfc326da0a230055a7 23-Jun-2016 Alex Light <allight@google.com> cp preopted files from B partition during PM init.

This allows us to save space on the system partition while still
having access to the preopted files.

We do this on first boot when the "ro.cp_system_other_odex" property
is set to 1. We do this during package manager initialization before
scanning the system to see which apks need to be optimized again.

Note that a separate script, run by init, is actually responsible for
finding and copying the files. We simply request that it runs.

Bug: 29278988

Change-Id: I8d7c790ad35b32a0ce1d87939f043419bae4d88a
(cherry picked from commit 3dafee6c1820bf0946bab04b290c5a757112d3e7)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2578beccbeacd605728e018cf390c10cef72b48b 02-Sep-2016 Jorim Jaggi <jjaggi@google.com> Only show optimizing storage dialog if dex opt dialog was shown

This doesn't take long, so there is little reason to show it if
we didn't show the dex opt dialog.

Bug: 29643498
Change-Id: I955f9dfa233166a8a150deb2d115a591e6d82394
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
55d34d1626f30715e86a4b8b99cc23589d68b715 01-Sep-2016 Sudheer Shanka <sudheersai@google.com> resolve merge conflicts of 437062e to master

Change-Id: I7404a0ab39416bbd90d7c0fb1c478ec51436b06e
3e42403586d61e1ab48eb3e7b68a4514b476f97d 01-Sep-2016 Todd Kennedy <toddke@google.com> throw if >1 verifier found am: 5320ee42c6 am: 73a05d1865
am: f1582a94f0

Change-Id: I61dd0a596f7c46bd0c37c37d2e288bc7681991da
51b6b7d507a9c6d33ada85e94b70f8a4435803ec 01-Sep-2016 Sudheer Shanka <sudheersai@google.com> Allow package verifier and uninstaller to do silent uninstalls.
am: bf6154a5ba

Change-Id: Iab55e58e02a2088c541406bc0b71aa14df7b028e
0b69970e36dece05302b60a685a9bb0aa6546ed3 01-Sep-2016 Sudheer Shanka <sudheersai@google.com> Merge "Allow package verifier and uninstaller to do silent uninstalls." into nyc-mr1-dev
73a05d1865c2859981e1884bce19d1632ff2ec11 01-Sep-2016 Todd Kennedy <toddke@google.com> throw if >1 verifier found
am: 5320ee42c6

Change-Id: Ie59f45fa660564ecf073bde4e750d65cf2752467
a1ce6ee444e105f2b7aac66912cf18e85baf58ad 01-Sep-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "throw if >1 verifier found" into nyc-mr1-dev
d47e4143ae31de8b74b1a77747bb596bc3ce4ba3 31-Aug-2016 Daniel Nishi <dhnishi@google.com> Merge "Fix a bug where the Deletion Helper could not delete packages."
8402d225c0ef0ff7088c18d603c68c58edc844f6 31-Aug-2016 Todd Kennedy <toddke@google.com> Enable web action apps based on system setting am: efc1c4d501 am: 742f4de6cf
am: 66db34fbe2

Change-Id: Ic1726786e0baeaf758381f3a9a9324ea39b921be
bf6154a5ba3ec164d5f29465dcb65213cc641b22 26-Aug-2016 Sudheer Shanka <sudheersai@google.com> Allow package verifier and uninstaller to do silent uninstalls.

Bug: 30280938
Bug: 31146793
Change-Id: I450340d9bafd3c1b7c1bfb8ae9281a23cb8a0b5e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
85a91def5c741b91a409d6a3cd6ae1df289d8f21 28-Jul-2016 Todd Kennedy <toddke@google.com> update shared libraries for system apps

After removing updates for a system package, we weren't updating its
shared libraries when we should have. Make it so.

NOTE: This didn't affect device boot because we update all of the
shared libraries for all system applications after scanning packages.

Bug: 30266503
Change-Id: I8edf4344228fb3e793e7648ea70a041cb5db6af6
(cherry picked from commit 6058df65e645a81bdc7285dcd9f8b12b9f5b534f)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
efc1c4d50104e9b9a7581c9b60703727805897f0 21-Jul-2016 Todd Kennedy <toddke@google.com> Enable web action apps based on system setting

Bug: 28140107
Change-Id: I4cff49165be6432404b9a616ca35bee249daab2a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
80855e154e04977f2f9db8d080fee6e4b4abd83c 26-Aug-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Implement new ephemeral resolver design" into nyc-mr1-dev
5320ee42c6e9c7916ca5127c99f872b1b8008fd8 26-Aug-2016 Todd Kennedy <toddke@google.com> throw if >1 verifier found

still allows for no verifier to be defined.

Change-Id: I0b2208edf20c2680b0aaedb6c5efaa42ac1f952d
Fixes: 31086284
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bda214155879586b95d4f82837b5a154dbc0694d 25-Aug-2016 Todd Kennedy <toddke@google.com> use directory timestamp during OTA am: 095d4125be am: 9366047713
am: e3761ac4d9

Change-Id: Id74d2d751607f20c340b877d43dca12361a0d044
4c43fbd1da217cde46fef62e05c9b4fd6ff116fe 25-Aug-2016 Daniel Nishi <dhnishi@google.com> Fix a bug where the Deletion Helper could not delete packages.

Bug: 31096000
Change-Id: I780cf74dc6750110024dcb0008b47879597f0156
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9366047713c07f00b4c6640b5fbb22c110aabb83 24-Aug-2016 Todd Kennedy <toddke@google.com> use directory timestamp during OTA
am: 095d4125be

Change-Id: I9c429b193f808181d2cec02c0caeda07058a35db
f50ff35ceaf0bd4fa676cf4262be1c63024aa7d3 24-Aug-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "use directory timestamp during OTA" into nyc-mr1-dev
4bb46d912f3e6174ee1b2dfcb9c6d2ba64864f6e 24-Aug-2016 Sudheer Shanka <sudheersai@google.com> Add installer app check in PM.deletePackage. am: 72de4ddb46 am: d7b7a88f64
am: 9caa29e199

Change-Id: Iac1ff23942a2d8357a229b883e34285f075a3a4e
095d4125be2117d1bbcdc815dffe6ecc0b7e651f 24-Aug-2016 Todd Kennedy <toddke@google.com> use directory timestamp during OTA

Previously the timestamp was generated using the directory and not the
APK [see b/29575840 and b/29610181 as to why that's bad]. In MR1, the
timestamp was generated using the most recent time of any of the APK
files.

The timestamp discrepancy causes problems during OTA to N MR1. Most
apps are incorrectly marked as "changed" which means a full parse and
verification pass on all packages. This can be a very lengthy process.

Bug: 30930797
Change-Id: Iaef7b318e1c1effbd74d996f88cbf3d6e77736cd
Test: manually updated the platform and noticed that existing packages were marked as "not changed"
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d7b7a88f64d8271fca343dc895dcbb1c995411f0 23-Aug-2016 Sudheer Shanka <sudheersai@google.com> Add installer app check in PM.deletePackage.
am: 72de4ddb46

Change-Id: I89a3068721f9682692fb455baae376db2690204c
0b3cf692f66f13dcb7bf8c6fec15bda84b24efee 23-Aug-2016 Sudheer Shanka <sudheersai@google.com> Merge "Add installer app check in PM.deletePackage." into nyc-mr1-dev
a3cb83451558a4f68a563af540fa12ee9aa3911a 23-Aug-2016 Todd Kennedy <toddke@google.com> Allow permission group updates am: 21bd9b824f am: 873b0f563e
am: 83581a81ef

Change-Id: I9a6bcbebb026503c1ae57d81aa6bdc7ec4cc2f57
873b0f563e17794d643222d4c2d4c8457fc490c0 23-Aug-2016 Todd Kennedy <toddke@google.com> Allow permission group updates
am: 21bd9b824f

Change-Id: I8f938705b6f25b2bd53410f5b496191ec2784a9c
ee2df0390e470ee0e940dfb15f87d30f9b2e24cc 23-Aug-2016 Todd Kennedy <toddke@google.com> Merge "Allow permission group updates" into nyc-mr1-dev
fea1b776e96d10879769d3a3c17f297146605062 28-Jun-2016 Todd Kennedy <toddke@google.com> Implement new ephemeral resolver design

In the new design, the ephemeral installer can be returned from
queryIntentActivities which means any intent resolution could potentially
return the installer. Additionally, the new design calls for a platform
defined broadcast receiver that receives the status from the ephemeral
installer. This receiver then starts the final intent -- either to launch
the ephemeral application or to launch the fallback.

For more detail, see go/ephemeral-design

Bug: 30805203
Bug: 30273584
Change-Id: I6644bbb4f180d2d22c63af04b9857577516344a9
(cherry picked from commit 8e2d9d1d9050e93b15c54e992698325c7d4aa57c)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdb40b650eb5451597ec15af97c09ea3af4f460b 19-Aug-2016 Svet Ganov <svetoslavganov@google.com> Add resource based mechanism to grant default permissions am: 59020bffb7 am: 34d85c6087
am: e3697a3569

Change-Id: Idf2e194e617d44b8dc5cced9162e98e8d48977c4
d44d46aa507de39b7160b5e1358db9faad3da7e5 19-Aug-2016 Svetoslav Ganov <svetoslavganov@google.com> Add resource based mechanism to grant default permissions

This CL adds a mechanism for an OEM to grant default permissions
using the build system. This allows permissions for which they
got default grant exceptions to be added without modifying the
platform code. The format is a simple XML listing the packages
and the permissions to be granted for a package. The XML file
is placed in etc/default-permissions.

bug:29546655
bug:30929033

Change-Id: Ib6d671dac9201812bd2c47010c2c4b1330ef6b6e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
59020bffb7dde02a2cd4cb797cadfe56bb36db44 18-Aug-2016 Svet Ganov <svetoslavganov@google.com> Add resource based mechanism to grant default permissions

This CL adds a mechanism for an OEM to grant default permissions
using the build system. This allows permissions for which they
got default grant exceptions to be added without modifying the
platform code. The format is a simple XML listing the packages
and the permissions to be granted for a package. The XML file
is placed in etc/default-permissions.

bug:29546655
bug:30929033

Change-Id: Ifb0516d7e2d0b399532024438bc0f86068a2e4e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
77df6f315d6fbb22622ca46ae5735a5c73cc367d 17-Aug-2016 Svet Ganov <svetoslavganov@google.com> Remove permission review build property - framework

Change-Id: Ifcfd436f2d57a6006ef804292d2875434e4669da
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
53f7d933be4e618a2ac61a67dd64b2b3a7ba80ea 15-Aug-2016 Todd Kennedy <toddke@google.com> Merge "More settings cleanup"
788c8423d19972389b82a23dec297eb27d819c86 10-Aug-2016 Todd Kennedy <toddke@google.com> More settings cleanup

* While parsing the packages.xml file, don't call getPackagesLPw(); we'll
never find a package unless something has gone horribly wrong. Instead,
build the PackageSetting like a sane person and add it to internal
structures.
* Add methods to create a proper copy of the PackageSetting object and
not just the data from one class in the middle of the hierarchy.
* Stop converting Sets into Lists back into Sets when creating
IntentFilterVerificationInfo objects
* Remove the name argument when adding a package setting; it should always
be the name in the package setting

Bug: 30219944
Change-Id: I7fa2c540621fb5d70a59b15919bfd31d8465e25d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
21bd9b824f1bed7ccb412f1cd27e3f3a159ffe19 09-Aug-2016 Todd Kennedy <toddke@google.com> Allow permission group updates

When a package in updated, it may redefine a permisson group [specify a
new icon, text, etc...]. Udate our internal structures to the new package.

Bug: 30347537
Change-Id: I9fbaf7c68a4de658489cfd1c728473032dded98b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3dc99ea200e3d877af03bf2e67f00b173ee34222 04-Aug-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Break out static update method"
13715d521f340d24f1de6e06ceaaf2a945910c0d 01-Aug-2016 Todd Kennedy <toddke@google.com> Break out static update method

Simply getting package settings could changes stored state. Break out
the majority of the method to modify local variables and not change
any stored state. The top-level getPackageLPw() method will still
mutate stored state. This will be changed in a future CL.

Also add a set of tests to verify the behaviour of updatePackageSetting()

Bug: 30219944
Change-Id: I3360a36ce238e816246ee8ca7ecabfbbcdf0b89d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
63b0cea9affc1310613f1a278f7de0c6876ae87b 29-Jul-2016 Todd Kennedy <toddke@google.com> update shared libraries for system apps am: 6058df65e6 am: 9815fd3b2e
am: e4adf5e69a

Change-Id: Ibf7a521a0bc8a3f3a52fcf295e1bed79a12be661
6058df65e645a81bdc7285dcd9f8b12b9f5b534f 28-Jul-2016 Todd Kennedy <toddke@google.com> update shared libraries for system apps

After removing updates for a system package, we weren't updating its
shared libraries when we should have. Make it so.

NOTE: This didn't affect device boot because we update all of the
shared libraries for all system applications after scanning packages.

Bug: 30266503
Change-Id: I8edf4344228fb3e793e7648ea70a041cb5db6af6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
72de4ddb461e132f381aad7386f815581fd2aad5 23-Jul-2016 Sudheer Shanka <sudheersai@google.com> Add installer app check in PM.deletePackage.

- Update PM.deletePackage to check if an app trying to delete a package
is the same app that installed it.
- Update system apps to be orphans to allow silent deletion. This will
make sure managed provisioning is not affected.

Fixes: 30280938
Change-Id: Ideab5a47eee2a00e7eefa9119112e37c3118783f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2862ed2541411ea864505b8234da3e789dd104db 27-Jul-2016 Jeff Davidson <jpd@google.com> Add support for carrier \\"associated\\" apps. am: 24b9d96007
am: 19af77d2cb

Change-Id: I089db772e37b7d07a5423793aced78f2b3a9a1ae
19af77d2cb3d96cd5ef1c3c157522e9f05fe979d 27-Jul-2016 Jeff Davidson <jpd@google.com> Add support for carrier \"associated\" apps.
am: 24b9d96007

Change-Id: I1de92977f3a0635d88e6517210f6bbb06ab3d0f0
94ae1e739fd84a308609fff3b913d0963900ed6e 27-Jul-2016 Jeff Davidson <jpd@google.com> Merge "Add support for carrier "associated" apps." into nyc-mr1-dev
24b9d960071ecf24f1b7edf799f6a4edf20f2b95 21-Jul-2016 Jeff Davidson <jpd@google.com> Add support for carrier "associated" apps.

The platform currently supports the notion of default carrier apps.
These apps are set to DISABLED_UNTIL_USED until a SIM is inserted
which grants them carrier privileges, at which point they are enabled.
Apps are not touched if they have been updated from the version on
/system or if their state has been modified externally (e.g. by the
user).

This CL extends this notion to associated apps, which may not have
carrier privileges themselves, but should be enabled/disabled
alongside a particular carrier app. This should include helper apps
that should not be visible to users who don't use the given carrier
unless the user explicitly enables the app.

As additional protection, we add a check to ensure that we never
disable apps after the first time we've run. Since we need to store
this information in secure settings, we also move the call site from
PackageManagerService#main() to PackageManagerService#systemReady(),
which enables use of secure settings but still occurs before
third-party apps can be started.

Bug: 30141427
Change-Id: Iee72ba4e70e5ca97999c9147a65af82c670a23e8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ac69be543f89ea6e9a27204492e0a170d9b3450e 30-Jun-2016 Svetoslav Ganov <svetoslavganov@google.com> Add Bluetooth toggle prompts - framework

If permission review is enabled toggling bluetoth on or off
results in a user prompt to collect consent. This applies
only to legacy apps, i.e. ones that don't support runtime
permissions as they target SDK 22.

Also added a configuration resource which controls whether
permission review mode is enabled. By default it is not and
an OEM can change this via an overlay. For now we also keep
the old mechanism to toggle review mode via a build property
which is still used and will be removed when clients have
transitioned.

bug:28715749

Change-Id: I94c5828ad6c8aa6b363622a26ff9da4fc2e2fac7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7a39181c6c7542ebfe914a3ce54052f123df9ee4 23-Jul-2016 Todd Kennedy <toddke@google.com> Merge "Implement new ephemeral resolver design"
8653659cbe7ca57183704b6126916e22b7e0817d 22-Jul-2016 Todd Kennedy <toddke@google.com> Merge "Add more tracing"
4540a45e4db838a05e38172a32cf590e2cef2450 22-Jul-2016 Todd Kennedy <toddke@google.com> Skip failed package installs am: 6341244856
am: 3eadb90ae7

Change-Id: I44dfdde41c1b41f2ab30cc7f332ef0ebce93dd01
8e2d9d1d9050e93b15c54e992698325c7d4aa57c 28-Jun-2016 Todd Kennedy <toddke@google.com> Implement new ephemeral resolver design

In the new design, the ephemeral installer can be returned from
queryIntentActivities which means any intent resolution could potentially
return the installer. Additionally, the new design calls for a platform
defined broadcast receiver that receives the status from the ephemeral
installer. This receiver then starts the final intent -- either to launch
the ephemeral application or to launch the fallback.

For more detail, see go/ephemeral-design

Change-Id: I6644bbb4f180d2d22c63af04b9857577516344a9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
634124485611cb347f9e41a72df2920a76c32b8c 21-Jul-2016 Todd Kennedy <toddke@google.com> Skip failed package installs

If a package installation doesn't succeed [or hasn't succeeded yet], its
structures won't be setup so we should skip them when sending first
launch broadcasts.

Change-Id: I89a88480dc6d311a232cae5a236279b2f0a9df3a
Fixes: 30258737
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd029da32165f4a348431d825d2bbaa46282710f 21-Jul-2016 Todd Kennedy <toddke@google.com> Add more tracing

Allows us to track PackageManagerService startup

Bug: 30272038
Change-Id: I56fa7480fe640f4444d09a657889ec83685a7570
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d80c3620082e7aef9cec40e71810ba477a4a9ddd 20-Jul-2016 Fyodor Kupolov <fkupolov@google.com> Do not migrate apps data on every user start

Only migrate apps' data if lastLoggedInFingerprint of the user is
different from the current build.

Bug: 28750609
Change-Id: Id7e3cdd787b122a56b880abb62c9d173a6463ba6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a5111bfda47f0d6c044c2bdbe6ae8a1c099849d7 18-Jul-2016 Ricky Wai <rickywai@google.com> Merge "Do not allow to disable package "android"" into nyc-mr1-dev
1a7b160ca5bf1b0dcf70747e2d1b6457e2ce10bb 15-Jul-2016 Ricky Wai <rickywai@google.com> Do not allow to disable package "android"

Bug: 25337001
Change-Id: I837d70898f00d3c97c8ae1f5eadd0791ba045df6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf992636627ac881691d9273ca55f408e21f0b2a 16-Jul-2016 Makoto Onuki <omakoto@google.com> Merge "Cache the default launcher." into nyc-mr1-dev
37e5fdc6b4963f3533caecdd92b129f79da69dd8 13-Jul-2016 Andreas Gampe <agampe@google.com> Frameworks/base: Add compiler stats to Package Manager

Add a simple class for storing compiler statistics. Capture compile
times for code paths from a package.

Bug: 29223204
Change-Id: I1b066de6a83a739470a42480eee0bfef88423eea
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1030520822c42cc7357b463d301c7e97e928ba22 15-Jul-2016 Makoto Onuki <omakoto@google.com> Cache the default launcher.

Originally we always checked with PM for the default launcher,
which would take ~2ms.

Now we cache the result, and clears the cache when (any) preferred
activities change.

Bug 30126557

Change-Id: Iceef288cd372c8bb9b119aa493e5173d894f2302
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7366e8c16afb76ca1394385ab28be43e9ebb1898 14-Jul-2016 Nicolas Geoffray <ngeoffray@google.com> Merge changes I7a052a8e,Idb11b1c0 into nyc-mr1-dev

* changes:
[RFC] Special case system apps for profile optimizations
Compile core-apps according to their own "reason" for A/B
0bd776207999ccba17e5adb163710bd7b16ac907 12-Jul-2016 Calin Juravle <calin@google.com> [RFC] Special case system apps for profile optimizations

If the OTA updates a system app which was previously preopted to a non-
preopted state the app might end up being verified at runtime. That's
because by default the apps are verify-profile but for preopted apps
there's no profile.

Do a hacky check to ensure that if we have no profiles (a reasonable
indication that before the OTA the app was preopted) system apps get
compiled with a non-profile filter (by default interpret-only).

Bug: 30032273
Test: Andreas "has verified that Calin's change to A/B works as expected
and promotes things like SystemUI to speed. From my side, that's
ready to be merged"

Change-Id: I7a052a8ea76cab7f649dc993237ea05534d6c4b9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f34c308dfd9cdda428b8ead8bf655de1608501a9 13-Jul-2016 Makoto Onuki <omakoto@google.com> Revert "Revert "Revert "Handle package broadcasts before apps do"""

This reverts commit 886ba78dfb105eb45416587b73b6c6b336448de5.

With the tests updated.

Change-Id: I162e6ca23c667f90feddc1e9f42b554a416295cf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
98802f6007eef7a36237087111c38a998a388903 13-Jul-2016 Makoto Onuki <omakoto@google.com> Merge "Revert "Revert "Handle package broadcasts before apps do""" into nyc-mr1-dev
886ba78dfb105eb45416587b73b6c6b336448de5 13-Jul-2016 Makoto Onuki <omakoto@google.com> Revert "Revert "Handle package broadcasts before apps do""

This reverts commit efbbe7ea9db8adab6bff407db1d7fc54bbaf31ee.

Change-Id: I3dbb080db5121307f533a7d411f4f5d47225500e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7f3187bb0d12d288bc7211549c08adeb5ff651aa 13-Jul-2016 Makoto Onuki <omakoto@google.com> Merge "Revert "Handle package broadcasts before apps do"" into nyc-mr1-dev
9cf5bf04d2ececc616b2c8b6caf5e7df630aa1b8 13-Jul-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Move grantDefaultPermissions back to onNewUserCreated" into nyc-mr1-dev
efbbe7ea9db8adab6bff407db1d7fc54bbaf31ee 12-Jul-2016 Makoto Onuki <omakoto@google.com> Revert "Handle package broadcasts before apps do"

And fix b/29939691 (don't try to load locked users) in a different way

Bug 29939691
Bug 29895275

Change-Id: Ib55f9c5d5547c54daa4e05c1e50bf4bbceaf1991
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5fd967d263ae8f12665eba072d949b140d13695e 12-Jul-2016 Fyodor Kupolov <fkupolov@google.com> Move grantDefaultPermissions back to onNewUserCreated

Otherwise pre-grants may not work on managed profiles because apps could be
uninstalled when the user is started

Bug: 29955102
Change-Id: I8fafaf1ca6193c1a13bd2f0b463ee30fe473e6b5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bef41bf538b9935898f5e5bcb8b990440946aaa9 12-Jul-2016 Chris Tate <ctate@android.com> Merge "Don't force fstrim on OTA" into nyc-mr1-dev
d589c185c5b9c81c67c68f28c4c08c2c434db64e 11-Jul-2016 Christopher Tate <ctate@google.com> Don't force fstrim on OTA

This avoids showing a (momentary) "Optimising storage" UI along the way,
which proved to be jarring.

Bug 30064543

Change-Id: Iaff0f32eea4170829d71a4f2bd270cc63d1da543
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a2241834a54dc91e2eef858741f1a56a743c27b2 06-Jul-2016 Makoto Onuki <omakoto@google.com> Handle package broadcasts before apps do

- Have PM to call the shortcut manager directly before sending a
pacakge broadcast.

- The shortcut manager will enqueue a task to handle a package
broadcast, which will be executed on Handler.

- At the entry points of all external facing methods, block until
all pending tasks are finished.

Bug 29895275

Change-Id: Ib29fa3c9c8d9b9e0ca5c8f1e9da2a390324960a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ccdad8f85b3dbdfb29f795d82fdd60d58cbd61df 07-Jul-2016 Esteban Talavera <etalavera@google.com> Merge "Disallow OobConfig being suspended" into nyc-mr1-dev
5133b6204c33be30b30daa21e61f2a7ad39b3da0 05-Jul-2016 Tony Mak <tonymak@google.com> Disallow OobConfig being suspended

Change-Id: I79d8e6b8bb77878767a0572a567a10ff08c0b6b8
Fix: 29892597
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
15ba58b8a48cb2bc64d1d71d7f96653c0f2ea34c 01-Jul-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "null check jarfile before using" into nyc-mr1-dev
7742a315fc0793e330beb14d538e9efca8e67c98 01-Jul-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Use category DEFAULT home actions" into nyc-mr1-dev
015eb8202a4b1ced01b36668bfc145bc7a70bae4 01-Jul-2016 Todd Kennedy <toddke@google.com> null check jarfile before using

Bug: 29937423
Change-Id: I14f8530523bedf6c287a7f89d3e54919d98454c9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bbfb1c174a83d8f87cc072e3a6d4a17528f1e5b7 01-Jul-2016 Todd Kennedy <toddke@google.com> Use category DEFAULT home actions

When querying for activities that support action HOME, only consider
those that also have category DEFAULT.

Bug: 29899206
Change-Id: I0cd95c90dff5ed90896205eb6c0ec9be1306eb25
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5e57a20c09512c676bc1ac938c5a2516ba260f72 30-Jun-2016 Fyodor Kupolov <fkupolov@google.com> Performance optimizations in generatePackageInfo

In PM.generatePackageInfo, granted permissions (returned by permissionsState.
getPermissions) are only used if the package has a non-empty list of
requested permissions. Added a shortcut to handle that. In my tests
this shortcut is triggered in ~20% calls to PM.generatePackageInfo.

Also added an early continue in PermissionsState.getPermissions. Calling
hasRuntimePermission was not necessary in 90% cases.
Also changed ArraySet to be created with capacity for all mPermissions --
this is the typical scenario, previously it was going through multiple
grow operations.

Bug: 29879962
Change-Id: Ic4d8914d1c4f4df447deee2e3e3a15a2594e90ef
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7877b8add811aafd7f57f731c8e22c9fe6a319c8 29-Jun-2016 Fyodor Kupolov <fkupolov@google.com> Optimized onUnlockUser

Offload work to the handler thread to allow AM to proceed with unlocking
the user.

Also optimized generatePackageInfo by not computing GIDs when GET_GIDS
flag is not set.

Bug: 29619732
Change-Id: Ib9dea53ea0d74038baeed67f21077305da61e46e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7281cf276ac084562c0382e4002b0ddce93c95b2 29-Jun-2016 Alex Light <allight@google.com> Merge "cp preopted files from B partition during PM init." into nyc-mr1-dev
3dafee6c1820bf0946bab04b290c5a757112d3e7 23-Jun-2016 Alex Light <allight@google.com> cp preopted files from B partition during PM init.

This allows us to save space on the system partition while still
having access to the preopted files.

We do this on first boot when the "ro.cp_system_other_odex" property
is set to 1. We do this during package manager initialization before
scanning the system to see which apks need to be optimized again.

Note that a separate script, run by init, is actually responsible for
finding and copying the files. We simply request that it runs.

Bug: 29278988

Change-Id: I8d7c790ad35b32a0ce1d87939f043419bae4d88a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9d48a731d0a7c016b58bc9c1afc4acd94200650f 24-Jun-2016 Steven Ng <stevenckng@google.com> Disallow disable / hide device provision app

+ Rename functions in ProtectedPackages.
+ Add a Set in ProtectedPackages to store protected package.

Bug: 29116229
Change-Id: Ib7dd93a158c09ebbf70f4d57c1afbd2c5102edbd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d73d2a3a3d9169cc9222f0f187d58800da4964ba 24-Jun-2016 Todd Kennedy <toddke@google.com> Merge "fix last modified time" into nyc-mr1-dev
8051a0a3958f8ff75ce36cd5b4eb09dfc95662b1 23-Jun-2016 Todd Kennedy <toddke@google.com> fix last modified time

For cluster packages [i.e. packages that are split among multiple APKs]
the codePath is the directory containing the APKs. This normally works
well since the directory is created newly on update. However, it breaks
down during OTA when the directory modification time may or may not
change.

Specifically for cluster packages, we determine the packages "last
modified time" as the date of the newwest APK added to the package.

Bug: 29575840
Bug: 29610181

Change-Id: Ia0a40cf6aaf4102f35e9319ebdb95074b1740c90
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eaa1c9ae4248810ed30c52d85e348712f5621a50 23-Jun-2016 Jeff Sharkey <jsharkey@android.com> Merge \"When uninstalling, only kill the requested user.\" into nyc-dev
am: 060d5a0e0a

Change-Id: I3975462d7f027cc4fd449c56ba0c5f6442369a1b
85f449eaba207d5d3a72bd091855a02ff019404c 23-Jun-2016 Jeff Sharkey <jsharkey@android.com> When uninstalling, only kill the requested user.

When an app is being uninstalled for a specific user, only kill the
app under that user; leave the app running under other users.

Bug: 28875343
Change-Id: Ie60753cfd22df10a2b17d8c3732b6f19d2fe1fb9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5d1d63708662262733cfa0262f9e8d7b9543907e 22-Jun-2016 Jeff Sharkey <jsharkey@android.com> Merge \"Avoid runtime restart when storage is missing.\" into nyc-dev
am: 18553f5f73

Change-Id: I9303aa177f25f27db7090bf2464218d690aaeafe
11f197c3fe24c5fdccf3c2feacb22bc16d73d5fc 22-Jun-2016 Jeff Sharkey <jsharkey@android.com> Avoid runtime restart when storage is missing.

When primary shared storage is completely missing, catch the thrown
exception and treat as if ejected.

Bug: 29461637
Change-Id: I8eb5cdeb01983efbf26da3d32ab19a6630662156
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4504b0e40c8e1bca6d826faf04526bcf01b673d7 22-Jun-2016 Todd Kennedy <toddke@google.com> Merge \"Revert \"Parse \"vendor/priv-app\" to find privileged applications\"\" into nyc-dev
am: c211539769

Change-Id: I305fd763e69bc6d4836193397cb63f632e26a6a9
c211539769dfaa507cfaf7dc22e9feb56065018c 22-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Revert "Parse "vendor/priv-app" to find privileged applications"" into nyc-dev
56b9656372b51eee6f1849cd2f1428ace78729bc 22-Jun-2016 Todd Kennedy <toddke@google.com> Revert "Parse "vendor/priv-app" to find privileged applications"

This reverts commit 02708b1ac41e12029b806085f8ff76a0e2c916b5.

Change-Id: Ie1ba362a9f5ee46516a79c35bd4a6e45f84b6a32
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
409b0a13e1f2f3f62e4827b835700c4cf2b77f06 21-Jun-2016 Todd Kennedy <toddke@google.com> Change prefix based upon mask

The mask may not be all F's.

Change-Id: I50ff4e4fb95af2037b84a1531b60dd9c0986bf86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bc7e15eedc0f9e8d37b53af618834c017708e008 21-Jun-2016 Jeremie GARCIA <jeremie.garcia@intel.com> Merge \"Parse \"vendor/priv-app\" to find privileged applications\" into nyc-dev
am: 8a1bc54ab0

Change-Id: I651efd38fa6dd6433a13e5eb7569d882866cbc1e
8a1bc54ab050daac935536f7fc5a8b9130e3eed3 21-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Parse "vendor/priv-app" to find privileged applications" into nyc-dev
02708b1ac41e12029b806085f8ff76a0e2c916b5 05-Nov-2015 Jeremie GARCIA <jeremie.garcia@intel.com> Parse "vendor/priv-app" to find privileged applications

Change-Id: Icbbafba96b7880f51ca3afcee53d5f3dd5b86a45
Signed-off-by: Jeremie GARCIA <jeremie.garcia@intel.com>
Signed-off-by: Zhiquan Liu <zhiquan.liu@intel.com>
Bug: 29488499
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be880349fa58efc8781eafe28cd603e8a8d3c1c9 20-Jun-2016 David Brazdil <dbrazdil@google.com> Merge \"Fix NPE in reading package-usage.list file\" into nyc-dev
am: ec3f8409b8

Change-Id: I29238af5df6b96a28960edfadfb1c66f595a670f
acc21f572dfb88f8fa08ea95c77c5ce212b86efb 20-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "fix resolver" into nyc-mr1-dev
ec3f8409b84e555f21290372de911ff704406e72 20-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix NPE in reading package-usage.list file" into nyc-dev
2aaa7c189805259de6023d3110dc1503514dd84a 20-Jun-2016 Narayan Kamath <narayan@google.com> Merge \"PackageManager: Don\'t fail app installs if dexopt fails.\" into nyc-dev
am: 5ae42bb661

Change-Id: I7892f2f35f6f43d98d4a01ff9c5bb64df486d11b
958b3410bf9d5a9c8afdc7571d514b242926101e 20-Jun-2016 Todd Kennedy <toddke@google.com> fix resolver

Change-Id: I31649d0f85b7b6553a6ecf38fd7c08279b85a0a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
83dce3642abb44fb83384a2e95ce2b89bfd80e20 20-Jun-2016 David Brazdil <dbrazdil@google.com> Fix NPE in reading package-usage.list file

A zero-length file is a valid package usage file of version 0 but
checking against the version 1 magic would throw a NPE.

Bug: 29491065
Change-Id: Ie54b1dd3218e4b1251c29db0c784a5ddf605394f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
99407db8ddb70141a9582b4d9f5d5012067748fe 20-Jun-2016 Narayan Kamath <narayan@google.com> PackageManager: Don't fail app installs if dexopt fails.

bug: 29493857
Change-Id: I953de204319b943d9389bb4c787f859e169e8d21
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
092d9613676e841093ed1992b559aea455d56548 16-Jun-2016 Todd Kennedy <toddke@google.com> Merge \"Make sure we\'re locked\" into nyc-dev
am: 32d67fab83

Change-Id: I2f80a7af0ddd6f282cde6c8d9ea79e0c614fba6b
32d67fab83d96a9c05d03a44fcb44e0410bb61df 16-Jun-2016 Todd Kennedy <toddke@google.com> Merge "Make sure we're locked" into nyc-dev
3d5604dc901aa11e31ca353347b3be348583d289 15-Jun-2016 Todd Kennedy <toddke@google.com> Make sure we're locked

Before calling a method ending with LPw, we need to have the mPackages lock.
Make sure we do that.

Also, ditch the iterator for traversing an ArraySet.

Bug: 29356333
Change-Id: I67df971f2961b577f31153cef46fb153458d6965
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c5ffdb9ee48905bacab0d5986d3eff2b399acd5e 16-Jun-2016 Amith Yamasani <yamasani@google.com> Merge \"More thorough cleansing of expired users\" into nyc-dev
am: 4f2b1b455e

Change-Id: I5714f73a9b90c0cb8fee653abf799374acfc6232
d04aaa323c3a788d26f18fc66e0a59b47e525b38 13-Jun-2016 Amith Yamasani <yamasani@google.com> More thorough cleansing of expired users

If any /data/system_[c|d]e folders were not erased
when the user was removed (maybe due to a reboot),
make sure they're cleaned up on restart as well
as when the userId is recycled later.

Mark the users' system folders with the correct
serial number for later verification.

AccountManager shouldn't be querying accounts of
partially created/destroyed users.

Change-Id: I4313756b7464f34cd5ce4fb296d61daa50b41fcb
Fixes: 29285673
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a97045b2456b63a9c699a8cc8af66b0e8e95c519 11-Jun-2016 Todd Kennedy <toddke@google.com> New API w/ multiple prefixes

Use the new API that contains multiple hash prefixes and a mask. Also
do some small refactoring necessary to handle multiple prefixes and
use a common implementation of the hash generation

Change-Id: Ib52f767ea6aadc30c67c5bdee949e9f9c5f04e44
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78f16950c62c68ccc6a5547f7388afd9b1c77fde 13-Jun-2016 Makoto Onuki <omakoto@google.com> Merge \"Push DO/PO package names from DPMS to PM\" into nyc-dev
am: f419bd9e03

Change-Id: Ic3071f3a712da72fd141ef37ac6aabe6dbd09355
f419bd9e03574d63581694f646f1b1136e7574d8 13-Jun-2016 Makoto Onuki <omakoto@google.com> Merge "Push DO/PO package names from DPMS to PM" into nyc-dev
d8bdb89f9a27955ce991a8e0553e16907a9b2cc0 11-Jun-2016 Tetsutoki Shiozawa <tetsutoki.x.shiozawa@sonymobile.com> Merge \"Solve the infinite loop on clearExternalStorageDataSync\" into nyc-dev
am: d25c718a12

Change-Id: I93d2a6fe287491b957e2851de2ead9d878702e63
d25c718a12725c9721dfc79deb0c27f15aa65d58 11-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Solve the infinite loop on clearExternalStorageDataSync" into nyc-dev
99bf020f707553601b4830aefe264d54d1f7fbfd 08-Jun-2016 Tetsutoki Shiozawa <tetsutoki.x.shiozawa@sonymobile.com> Solve the infinite loop on clearExternalStorageDataSync

5000 msec timeout is set for waiting DefaultContainerService, but
it's not working. It's not possible to exit a wait loop even if it
takes over 5000 msec.

Bug: 29232999

Change-Id: I74a45637e0a3fa5a7b151e6b3dc0b3aaece96d53
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e2e1ef0581c188014a0b11bbf46325b82d959720 10-Jun-2016 Todd Kennedy <toddke@google.com> fix prefix generation

when performing bitwise operations, java promotes byte's to int's.
this is normally okay except when the value is negative. in that
case, java extends the sign bits. this means that after shifting,
all of the upper bits are most likely going to be all f's. instead,
undo the sign extension by pulling out just the 8 bits we're
interested in.

Change-Id: I89f7244f6b675be2cca4a185a7002b5f8a6eece1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
af41485757c5da4bff8dafdc2f77d1d9a1ae446d 02-Jun-2016 Todd Kennedy <toddke@google.com> Ephemeral changes for debug builds

The installer/resolver must typically be specified in a baked in XML
file. But, to aid development, allow the installer/resolver to be
added dynamically on debug builds.

Change-Id: I8617bb2a33a51fc596579bdaadb27a11c3740c14
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf70a17a7100e06d873d15edcfa4497685476327 07-Jun-2016 Narayan Kamath <narayan@google.com> PackageManagerService: fix NPE while renaming foreign dex markers.

The User passed in to scan*LI is null during the initial boot scan
and maybeRenameForeignDexMarkers wasn't expecting it. We attempt to
rename markers for all users if that happens.

bug: 29167406
Change-Id: I892dcc542e75d62d72c062b8ce5506ef85df5fc2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ac063d64ea133461338a1bf89f949bc5b3825565 08-Jun-2016 David Sehr <sehr@google.com> Simplify code paths computation, allow adb root to dump

Bug: 28748264
Change-Id: I1aefa5d98e80b58d6ed500c5d2d610569cf25c3a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c29f62c7388f550da2c7368c5dbc0aec7d1564fe 07-Jun-2016 Makoto Onuki <omakoto@google.com> Push DO/PO package names from DPMS to PM

Bug 29126573

Change-Id: I95ea1559f6acf5d2f0e1b0953568cdfc938e83b9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
110a12dff13276baa12e8587449a1a7f3a318451 02-Jun-2016 Narayan Kamath <narayan@google.com> PackageManager: Rename foreign use markers on app installation.

The foreign use markers contain the codePath for a given executable
dex file, so we'll need to rename them when the codePath changes
during an application update. If we don't do this, we might compile
that are used widely across processes (such as GMS core) with
suboptimal filters.

This seems like a messy and brittle design in general, and will be
rewritten post N so that we don't rely on file system topology.

bug: 28998083

Change-Id: Ie4f3995ba52f098edb911b5a388c63696bbd77ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
258aa3e56b02b95e8e855ef949a29babe178b4a5 01-Jun-2016 Narayan Kamath <narayan@google.com> PackageManager: Dexopt core-apps during service bringup.

Code from these apps can be loaded by the system_server and so
we need to make sure they're compiled before their package contexts
are requested. Leaving them interpreted will cause performance issues.

On a Nexus 6P with WITH_DEXPREOPT=false, this adds an additional
26 seconds to every upgrade / first-boot and ends up optimizing a total
of 20 apps.

bug: 28639246
Change-Id: Ief3c0048fda4f1b1742fbf3e2476e65fa607a18a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7c5bcfc21ac87c56c57b1929ce04481fa0e116c7 02-Jun-2016 David Sehr <sehr@google.com> Merge "Installer connection support for dump_profiles" into nyc-dev
380f3b12a4725a0534d62ada7c6f3bd67ebd0d01 02-Jun-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Release AssetManagers when ejecting storage." into nyc-dev
98bf12f99989ba2550fac83ee48ecbb6f1582f07 26-May-2016 Jeff Sharkey <jsharkey@android.com> Release AssetManagers when ejecting storage.

When ejecting a storage device, the system process needs to rapidly
release any open FDs to prevent itself from being killed by vold.

This change examines all ResourceImpls cached inside the system
process and evicts any that reference the storage device being
ejected. (ResourcesManager will gladly recreate any evicted entries
when asked again in the future.)

Also replace broken use of WeakHashMap, since we want the values to
be weak references, not the keys.

Bug: 28867548
Change-Id: Ib9cfc66497149b6d3f8d49213e9779408a331d2a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
93193135b184a2f1c7518d8beeff7c51b2880606 01-Jun-2016 Brian Carlstrom <bdc@google.com> Merge "PackageManager: Don't clear app profiles during system upgrades." into nyc-dev
34a6258b2a7a55733ce80b2b88753dff91c12d52 01-Jun-2016 Narayan Kamath <narayan@google.com> PackageManager: Don't clear app profiles during system upgrades.

They don't need to be cleared and will remain valid as long as
the application itself hasn't changed.

bug: 28998083
bug: 29067239
Change-Id: I2e4a4ee1b168da81073b8e70b12918db592fe691
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a87770828637813dacd176ba3c8d3810f7ed6ab8 25-May-2016 David Sehr <sehr@google.com> Installer connection support for dump_profiles

Bug: 28748264
Change-Id: I22322b5a0716a030d9873edcc6dfd7f3ef2d3bca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c39a112b43e50da4e801d634e28ae7a130c0dcb 31-May-2016 Todd Kennedy <toddke@google.com> Merge "Remove STOPSHIP" into nyc-dev
89f4bff149c62baf8371118aed2c4e6ac29976c5 31-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Cleanup performDexOpt with instruction sets." into nyc-dev
fb6cf77a6721f2af4df09b33d649f66ad79559f6 27-May-2016 Nicolas Geoffray <ngeoffray@google.com> Cleanup performDexOpt with instruction sets.

Always use the packages' derived instruction sets.

This fixes a bug where otas and background dexopt would only
look at one instruction set.

bug:28994818

Change-Id: I730b59d24943c71de30adb485a823fd79c6806a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ac06a4907bff7d5ee0612dbb85180222e1455791 25-May-2016 Fyodor Kupolov <fkupolov@google.com> Remove ActivityManager calls with PM.mInstallLock held

UserController now pushes user state to UMS.

PM now checks user running/unlocking/unlocked state by calling
UserManagerInternal.

Bug: 28090199
Change-Id: I20e62b37f78238f28dd81f49f876732bbd3c6b34
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3603bc6e3f73421f59a53ff9f5f9d19bc33074f7 18-May-2016 Amith Yamasani <yamasani@google.com> Fix a deadlock in system server

Don't call into DPMS with PackageManager lock held. Doh!

Bug: 28828415
Change-Id: I08437d849236374acc0d804fe31aba703af385ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d99f796711882ba60977c211d0f92252fe7ad4a 16-May-2016 Narayan Kamath <narayan@google.com> PackageManager: Fix reference profile canonicalization.

Foreign dex markers are named in the runtime by calling realpath(3) on the input
dexfile path and replacing "/" with "@". On the Java side, we're using
File.getCanonicalPath, which is similar but isn't quite the same. It tries
to call realpath() directly, but if that fails, it resorts to a series of
increasingly desperate measures to calculate a "canonical path". We just
use realpath instead.

Also, don't attempt to delete a profile if canonicalization fails.

bug: 28740848
Change-Id: Ie5d5af590187e793db633342a42b923865e5c005
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a8b4f7597842b17b44e1ea859f218d610789e277 17-May-2016 Narayan Kamath <narayan@google.com> Merge "PackageManager: Clear foreign-dex markers when the app is uninstalled." into nyc-dev
19b34eccfee9d14e6888c4813cc369bd4b3a7e81 17-May-2016 Amith Yamasani <yamasani@google.com> Merge "Allow Shell to change component enabled state" into nyc-dev
bf12565276484a9ba003f760e8a61bbecc6815f7 13-May-2016 Amith Yamasani <yamasani@google.com> Allow Shell to change component enabled state

But make sure that we don't allow Shell or other apps
to disable an active profile or device owner.

Also limit exactly what states Shell can switch apps
between, similar to Settings UI.

This is required for some CTS tests

Bug: 27924655
Change-Id: I958f0d1de7f0bc1f5a0cbf853d57dfdeb2f9ad59
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6eb923cb64f38dcb23fd3ca15793a13a900b1630 17-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Delay grantDefaultPermissions until user's first start" into nyc-dev
b45d9833aa3e8bbfdb819c7bcd104c95c8424f05 16-May-2016 Fyodor Kupolov <fkupolov@google.com> Delay grantDefaultPermissions until user's first start

Bug: 28765487
Change-Id: I6a7b0a9fc85964def1e991aafe967977080dfdab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a7b826b08aa1b185b0e46b648e5c2ed7f818ae09 16-May-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Added scheduleWritePackageListLocked" into nyc-dev
1475701100d07af2fad563891082d7712e385950 12-May-2016 Narayan Kamath <narayan@google.com> PackageManager: Clear foreign-dex markers when the app is uninstalled.

Also:
- Adds a missing call to clearProfiles to a callSite that was clearing other app data .
- Fixes a bug where the wrong package was being passed to clearAppProfilesLIF. We should
use the "old" (pre-upgrade) package and not the "new" (post-upgrade) package.

bug: 28510916
Change-Id: Ia926acda2c72d39bad51143e3f923643d9c3a0af
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e89dc40706f325e039de7dd6714223908dfb9b17 13-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Show package icon/label for resolved package-targeted implicit intents" into nyc-dev
86100d18ad0bd5ae3267a0e0944d15f4fe94078a 13-May-2016 Adam Powell <adamp@google.com> Show package icon/label for resolved package-targeted implicit intents

If we're going to show metadata about a resolved implicit intent that
is targeted to a single package with multiple potential targets,
populate the ResolveInfo with the label and icon of the target
package's ApplicationInfo and set resolvePackageName. This helps use
cases such as EXTRA_INITIAL_INTENTS in ChooserActivity, where
sometimes apps set target packages but not components.

Bug 28739056

Change-Id: I8070d341fccc139463c5ac8d66db45fce02252e5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c30808b413deff60fafa047d9cc15c275feb3c63 13-May-2016 Fyodor Kupolov <fkupolov@google.com> Added scheduleWritePackageListLocked

Call scheduleWritePackageRestrictionsLocked and
scheduleWritePackageListLocked when a new user is created.

Bug: 28750034
Change-Id: I442551855e2eece7a1610750c6802a785bfb2fb5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ee1c943ab5f7f69355d1413bca981812a804a67 12-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Do not clear profiles after OTAs" into nyc-dev
36ecd08dc1627a7ed9c0ef498b41c40a66d646b0 11-May-2016 Todd Kennedy <toddke@google.com> Remove STOPSHIP

Instead of tracking a one-off variable, use the version code to
properly determine a pre-N OTA.

Bug: 27872764
Change-Id: Ib80b96ebddfa8bec398e02137ec26ce006164921
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f09f0699369c02a6a46fbff68c02b00a7c703697 11-May-2016 Todd Kennedy <toddke@google.com> Merge "Fix secondary ABI instrumetion" into nyc-dev
b3e435439cad94e5f20c7c9e0c4a5fa321c68443 11-May-2016 Narayan Kamath <narayan@google.com> Log optimizing apps dialog time in seconds (and not decis).

bug: 28528058
bug: 28544474
Change-Id: Ib95d5625640c3c8d27d1844c49188570d7196ee2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6694dbef38c3fe2c5ceef19d0ddd57b6d5b0b587 10-May-2016 Calin Juravle <calin@google.com> Do not clear profiles after OTAs

Bug: 28689868
Change-Id: I21b75eb6918915b16b0d1a06e753a56822834a2d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdc675968c818a1913b870dd16077f6fe785ee3f 11-May-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Push unlocking/unlocked state to UserManager" into nyc-dev
e713efcac103f3d8083ec9d5b00c528af7266b21 10-May-2016 Todd Kennedy <toddke@google.com> Fix secondary ABI instrumetion

When installing an APK that supports multiple ABIs, the ABI installed
can be forced to the secondary ABI [i.e. On devices that support both
32 and 64 bit variants, the 32-bit version can be forced when it's
the secondary ABI.] In this case, instrumenting the class always tried
to use the primary ABI. Instead of blindly using the primary ABI and
dropping the secondary ABI, we propagate both ABIs and make a
decision on which one should be chosen.

Bug: 28406240
Change-Id: I7ebb2fd264d2281912afd30f6d73ccb460f9cf85
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
01da140aced14162d6d1bf4a0b2bf33e23b9c2c4 10-May-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Don't throw runtime exceptions for permission flags" into nyc-dev
6c915ead38db0a2a6393c40d4fbac959399439c5 10-May-2016 Fyodor Kupolov <fkupolov@google.com> Push unlocking/unlocked state to UserManager

Push unlocking/unlocked state to UserManagerInternal when it's changed in
UserController. Use UserManagerInternal.isUserUnlockingOrUnlocked when
updating flags for filtering in PackageManager.

Bug: 28629076
Change-Id: I8440af090f533f93870d0cff0e3871e114c37efa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7e01af424355b5bbac64126fef4e3d37c9c41dd7 10-May-2016 Svetoslav Ganov <svetoslavganov@google.com> Don't throw runtime exceptions for permission flags

We were thrwing undocumented runtime exception when
one gets the permission flags - now we just return
default result of the package is gone.

bug:28657926

Change-Id: I42554a86b9304ff83fe9385f3eea930b8ebf0c63
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
966210b7218a99f57d7e9b40f7d2c0ff69151776 10-May-2016 Narayan Kamath <narayan@google.com> Use MetricsLogger.histogram for optimizing app statistics.

bug: 28528058
bug: 28544474
Change-Id: Icbe26e9699eade08725e38914f07d7584e77b608
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3496fdbd2f84de3c8e8070be7d669b94ea1ca769 10-May-2016 Narayan Kamath <narayan@google.com> Patrially revert 4ec026930bfbbb5d8923f359c8.

In preparation for using MetricsLogger.histogram / count. The main
purpose of this change is to remove the (now bogus) action IDs
associated with this logging.

bug: 28528058
bug: 28544474

Change-Id: Id79de2d34c3f937a327ac21d44e55c18047bce85
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9b40edab61ca9bf3b9f5931bbfc266eb6c6216e6 10-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Revert "Enable profile merging for post-OTA package verification"" into nyc-dev
88eea9e580a6b2ee804a092f851b5325355fcdce 02-May-2016 Narayan Kamath <narayan@google.com> Add a command to print package dexopt status.

Can be invoked like so :

$adb shell dumpsys package dexopt
$adb shell dumpsys package dexopt <packageName>

bug: 27494108
Change-Id: Ie91f744aeac772e0e22abc9c805df9290a4e2418
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aab8cbfa234e1c53f909ac4bebeccbe2ddbeda05 10-May-2016 Jeff Sharkey <jsharkey@android.com> Fix package cleanup when parsed APK missing.

Recently the uninstall logic was changed to require a parsed APK to
succeed, but we need uninstall to succeed when the APK lives on an
ejected storage device.

To fix that case, create a fake parsed package with just enough
information for the delete to proceed.

Fix package movement bug that sent an invalid user ID to installd;
we need to explicitly ask for each user.

Bug: 28658206
Change-Id: Icf417661f07688c7523f0d082528adec2ac70cc6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8412cf4daaa437003f4a79a82aa35465c4f0d418 09-May-2016 Calin Juravle <calin@google.com> Revert "Enable profile merging for post-OTA package verification"

This reverts commit 5da9dad2dd04586dbd665e6a73bfee1d0ed92a89.

Bug: 28612421

Change-Id: Idbbb24241362a70b697ae2d648ea47996f5239c6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ee057752cce759520e3ba7a022f8616504c12fa0 27-Apr-2016 David Brazdil <dbrazdil@google.com> Hide 'Optimizing apps' dialog if not M->N upgrade

Recent changes reduced the amount of time spent optimizing apps at
post-OTA boot. Instead of briefly showing the 'Optimizing apps'
dialog, we hide it completely.

The dialog is still shown for OTAs from a pre-N version of Android
since they can take a non-negligible amount of time (still much less
than in M).

Bug: 27350503
Change-Id: I5f6dae0c69799e1fc522f36453d2671b333bef0e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a75d4877af7fa045cc91b2d60d3801aa098608de 05-May-2016 Adam Powell <adamp@google.com> Merge "Have the Resolver/Chooser activities handle resize config changes" into nyc-dev
4ec026930bfbbb5d8923f359c80b465d4b0ccda2 03-May-2016 Narayan Kamath <narayan@google.com> PackageManager : Log stats about the optimizing apps dialog.

Logs the following parameters :
- Total time spent optimizing apps.
- Total number of apps that were dexopted.

TESTED: with adb logcat -b events:
05-04 15:24:16.303 2065 2065 I sysui_action: [402,3]
05-04 15:24:16.303 2065 2065 I sysui_action: [403,34]
05-04 15:24:16.303 2065 2065 I sysui_action: [404,0]
05-04 15:24:16.304 2065 2065 I sysui_action: [405,163]
05-04 15:24:16.304 2065 2065 I sysui_action: [406,12168]

This shows that:
- 3 apps were optimized
- 34 apps were skipped
- 0 apps failed to optimize
- dialog showed a total of 37 (3 + 34 + 0) apps
- system has 163 optimizable packages
- a total of 12.2 seconds was spent in the optimizing apps dialog

bug: 28528058
bug: 28544474
Change-Id: I9eb5229a1589ca0df57d3fc03102992fa90a877f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
46ef0579dddd6480306fa58553a6e3180aedf9c7 05-May-2016 Adam Powell <adamp@google.com> Have the Resolver/Chooser activities handle resize config changes

Both of these activities do additional work and look janky when
rebuilding for a config change, especially in the presence of
multiwindow. As neither of them use layouts or other resources that
vary based on configuration, mark them as handling the relevant config
changes.

Bug 27171954

Change-Id: I38df1d875bcb063d72316b586c4d3f8074c4fad9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ecf4622618bb963d913a3e217c92da61f305d79e 05-May-2016 Robin Lee <rgl@google.com> Merge "Disallow suspending the default dialer" into nyc-dev
0dc591b48d96c7b5ac809197c2fb758dccec15a2 04-May-2016 Robin Lee <rgl@google.com> Disallow suspending the default dialer

This is the only case that still had to be protected by priv-app, so
that check is removed at the same time.

Bug: 27635033
Change-Id: Ifd5e59ab56eb45f0651cb25882ead920c758ae51
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c8cc38c8c56770dd3ff2a7e2fbb3267c6a9a14d0 04-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Avoid restart when inserting/ejecting adopted." into nyc-dev
379d52be47be88b86f0d446c27d47e80bb81cfd1 04-May-2016 Jeff Sharkey <jsharkey@android.com> Avoid restart when inserting/ejecting adopted.

When rapidly inserting/ejecting an adopted storage device, we might
still be trying to prepare the storage device. Catch the exception
to avoid a runtime restart, and keep rolling forward, since we'll
probably be handling the ejected event in a few moments to clean up
any packages.

Bug: 28467146
Change-Id: Ib923663ae6d63259c1b5792b68dfe760612ab838
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d17fda40cdcf875002086fbe98bf34ba7cbdb03c 29-Apr-2016 Felipe Leme <felipeal@google.com> Added option to reset network policies for a given user.

BUG: 28429571
Change-Id: I675e4ee5484a865f6819d7a0eef34133be11306f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
599de361cb7832fec18a51a62cbf44af4df27020 03-May-2016 Jeff Sharkey <jsharkey@google.com> Merge "Apply non-FBE migration early during boot." into nyc-dev
f0143cc1c6f9d81e70246f7254f52f23d65ac72c 02-May-2016 Jeff Sharkey <jsharkey@android.com> Apply non-FBE migration early during boot.

On non-FBE devices, we offer to migrate CE/DE storage of certain
system apps during boot. However, if this migration happens after
app code has started to run, we end up clobbering open files such
as databases.

The right way to solve this is to apply all migration early during
boot (in the PMS constructor) before any app code can start.

Bug: 28512897, 28525109
Change-Id: I17eb9a09e5862d873b86c05ce35874a34386e433
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f2812853b820ad994be2b9c42e7905f61e4a0106 02-May-2016 Sudheer Shanka <sudheersai@google.com> Merge "Allow any app to silently uninstall the orphan packages." into nyc-dev
4e4fca43b0fb1320ce0265640d33b700cd886da8 02-May-2016 Todd Kennedy <toddke@google.com> Merge "Restrict updates of system packages" into nyc-dev
0e9e5ea58600a7b6aed1b307affdc400bfa9b33b 29-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Only platform defined permissions need a review." into nyc-dev
fdd241a1e026afeeb68d30cb3d999ee9506769ce 28-Apr-2016 Todd Kennedy <toddke@google.com> Restrict updates of system packages

By declaring a <restrict-update> tag in its manifest, a system package
can restrict its update to be the singular package that has the same
given hash. An update's hash is the SHA-512 across all its APKs [i.e.
for splits, the SHA-512 is calculated over the concatenation of the
base plus all splits].

The restriction only applies to system packages.

Bug: 28398205
Change-Id: Iec493fc8ef27edee53f1d437cb0caaa78782f329
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3d92f4ea37e6785605a8d62f1971f2dfe4569638 29-Apr-2016 Svet Ganov <svetoslavganov@google.com> Only platform defined permissions need a review.

The only permissions a user can control for a legacy app in
runtime style without crashing the app are the ones defined
by the platform because we have app ops only for these and
also we contorl the access to data guarded by them.

bug:27102458

Change-Id: Ifd1350d056b4fe29739ab8fdc5cbea89fa2e4037
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8c2fb9edae4413074186e3d84ccff0eba41b2cae 28-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Introduce "unlocking" vs "unlocked" nuance." into nyc-dev
ce18c8167766f92856f94a8e88e19de4698960e6 28-Apr-2016 Jeff Sharkey <jsharkey@android.com> Introduce "unlocking" vs "unlocked" nuance.

There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services. While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.

The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.

Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.

To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.

Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f013fe71ecf03c9c9696599ba82715d84e45365 28-Apr-2016 Jeff Hao <jeffhao@google.com> Merge "Some cleanup for <uses-library> change." into nyc-dev
07318065b22ba13ae003d7803a3e48e441f9f6e5 28-Apr-2016 Chris Tate <ctate@android.com> Merge "Make sure FIRST_LAUNCH is after PACKAGE_ADDED" into nyc-dev
bd784e961c560a2069e2df75fb17282013c198d2 28-Apr-2016 Jeff Hao <jeffhao@google.com> Some cleanup for <uses-library> change.

Addresses comments made in:
https://googleplex-android-review.git.corp.google.com/#/c/976512

Bug: 26880306
Change-Id: I382fb39f3bb5de5a03506f5526d909cf55530542
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5cf5578a457e448dda9fd47943e91f0f3b67690f 26-Apr-2016 Christopher Tate <ctate@google.com> Make sure FIRST_LAUNCH is after PACKAGE_ADDED

If an app undergoes restore during install, it is considered 'started'
and the FIRST_LAUNCH broadcast needs to go out. However, this must not
take place until after the restore operation has fully completed, in
order to avoid publishing the app's existence while it may still be in
an incoherent state. We now make this broadcast part of POST_INSTALL
in the restore case.

Bundled apps are in the 'started' state regardless, so no FIRST_LAUNCH
broadcast is ever sent for them -- this CL does not change that
existing behavior even in the case of setup-time data restore of
factory-installed packages.

Bug 28173625

Change-Id: Ibcc3758576662dc447b75476173a0d008a9fe4da
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8c57aeaa8f27423b843fa043fb86b0b57c906ead 21-Apr-2016 Sudheer Shanka <sudheersai@google.com> Allow any app to silently uninstall the orphan packages.

Bug: 28302564
Change-Id: If6f2111e35ec94c7eb5b80a08bbf63fd58698c27
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c7b9482b0c4bb2d378e63541b96be45c50094e05 16-Mar-2016 Jeff Hao <jeffhao@google.com> Support to pass <uses-library> option through to dex2oat.

This change takes an app's shared libraries specified by <uses-library>
and passes it through to dex2oat to be used during compilation.

Part of a multi-project change.

Bug: 26880306

(cherry-picked from 7b331b6a8ae8d9f10482b292439457de98abd32a)

Change-Id: I523b1b74775e7ed27072498509e743f1f10b1164
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
14e7acd58c8b4f9f2fd517cded5c4e3099fd5989 27-Apr-2016 David Brazdil <dbrazdil@google.com> Fix infinite loop during package-usage.list file upgrade

When upgrading from version 0 to version 1 of the file
'/data/system/package-usage.list', the PackageManagerService can get
stuck in an infinite loop if one of the listed packages does not
exist, e.g. because it had been uninstalled. Fix the issue by
refactoring the loop.

Bug: 28409278
Change-Id: Ia312bd0d04f696240445b710dd6a68b93c5d5946
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1415d267864cb7f6017abfb9359d8ea9302bcb64 27-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't hold lock when calling externally" into nyc-dev
97ef0e77afa3be6255b70c8567843ac298386251 27-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't override pre-release target sdk" into nyc-dev
fc5f6e6c80954c837a98d963789f6a30f3b87ad1 27-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix two multi-user bugs in package upgrade." into nyc-dev
d5e295f9192522176796271cb29558a53d37c875 27-Apr-2016 Todd Kennedy <toddke@google.com> Don't hold lock when calling externally

Wound up in a deadlock. We held mPackages lock and called the mount
service. This called into the AppOps service which tried to obtain
its lock. On another thread, we held the AppOps service lock which
called into PackageManager service and tried to take mPackages.

Ideally, we'd never hold an internal lock when calling externally.
In practice, that's not always fixable [for example, code change
would be too great to not hold the AppOps lock when calling into
the PackageManager service].

Bug: 28169075
Change-Id: If0a7f1361c7be9385b1f629f68ebc0556b08ab06
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b1072718130b998e6d25bc3358eefa62b4fa5a2d 27-Apr-2016 Todd Kennedy <toddke@google.com> Don't override pre-release target sdk

If a package targets a pre-release SDK [eg a letter version] it should not
be allowed to be upgraded by a release SDK [eg a number version]. If one
absolutely must upgrade to a release SDK, use the "--force-sdk" option
during install.

Bug: 28345311
Change-Id: Ic9fb209968e7c5da2c80c5ca4c0f44f5125f610a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e75c0b9873d56e2569d0c5dff78f8872b8c8e97f 27-Apr-2016 Jeff Sharkey <jsharkey@android.com> Fix two multi-user bugs in package upgrade.

When upgrading a package, we need to fill in the "origUsers" field
so that we can clone the installed state correctly. This was done
for child package, but never set for the parent package.

Also fix a bug where a secondary user requested a package to be
moved. Because that move was pushed onto a Handler, the calling
userId appeared to be the device owner instead of the user that
actually requested the move. (Later in the upgrade flow there is
code that force-installs the package for the requesting user.)

Bug: 26729822
Change-Id: I2d2a007c73558f29a3f8c1408ec373fce6e87761
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5da9dad2dd04586dbd665e6a73bfee1d0ed92a89 26-Apr-2016 David Brazdil <dbrazdil@google.com> Enable profile merging for post-OTA package verification

Currently post-OTA verification will attempt to compile with
'verify-profile' but does not merge the profiles prior to calling
dex2oat. As a result, we may miss some or all classes that need
verification.

Bug: 27688727
Change-Id: I1aa93cad2686513594cb37f6d3d181ae5c718d1d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
02179da30ecec5770341d42c0545f62b33b687ce 25-Apr-2016 Jeff Sharkey <jsharkey@android.com> Destroy both CE and DE data when corrupted.

When we find either a CE or DE data directory that has been corrupted,
destroy both CE and DE data together, since internal services like
AccountManager get confused if they find DE data without matching CE
data.

Bug: 28346537
Change-Id: Iaf3694c20e4664536af25a2afeb45fe8a90d8171
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5a91b615232374084a45752d7c09c25265e263ed 22-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Disallow disable of the system shared libs." into nyc-dev
ca82e616d3131570bf2ee29778f4796f343720d5 20-Apr-2016 Brian Carlstrom <bdc@google.com> Add reasons to notifyPackageUse calls

This is so we can record more specific times in PackageUsage.
If file with only one timestamp per package is found, the value is
copied to all usage slots.

Bug: 27902702
Change-Id: I8affe43c735e54620a9204433aad367cfddfded7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
069ed7003b3de1f87d28413cc2debc9042386d3c 19-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Always perform has code check" into nyc-dev
f720a9d91eb964b7772e3d42aae6bef83f531aac 15-Apr-2016 Todd Kennedy <toddke@google.com> Always perform has code check

Move code checking from the package parser and into the block
where we implement policy.

Bug: 28132476
Change-Id: Ie5cacacbf80289ff8d85acc5b57e58ea7216859c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
214bea1b599ba2deccfca6e72a77bf411c724696 19-Apr-2016 Jeff Sharkey <jsharkey@android.com> Ignore user serial numbers in core-only mode.

When booting in core-only mode, our data partition is a tmpfs which
doesn't support xattrs, so we can't set/enforce user serial numbers.

Bug: 28254840
Change-Id: Id83c551c7c603a4cd5043e06f7161441b2dfaa8b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fed6c65f2a05a75f75d0a258da214770ff9168de 18-Apr-2016 Jeff Sharkey <jsharkey@google.com> Merge "Iterate through all known users after moving." into nyc-dev
ad14b884f4110e03ec7b5ba7b913be25d19aa95c 18-Apr-2016 Jeff Sharkey <jsharkey@google.com> Merge "Consistent creation/destruction of user data." into nyc-dev
426e4206f9bd1eb2c16abc6ba36b1b88bc00b322 15-Apr-2016 Jeff Sharkey <jsharkey@android.com> Iterate through all known users after moving.

installd no longer supports USER_ALL when destroying app data.

Bug: 28174913
Change-Id: I23496eda7269ad1ad58007de0f44cb89a2291ecb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fcf1e55821b694df3b8434f40aa3b6d3c3e7ea50 15-Apr-2016 Jeff Sharkey <jsharkey@android.com> Consistent creation/destruction of user data.

Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.

When preparing user directories on a storage device, always enforce
the serial number and destroy data if we run into a mismatch. When
deleting a user, write the updated user list first before we start
destroying data. Also start reconciling users on internal storage
at boot, so we can recover from stale data left behind from partially
destroyed users.

Check both CE and DE user directories when reconciling user storage
on a newly mounted storage device.

Bug: 27896918
Change-Id: I4536c82b0196e2720628c4f73fccb742c233350b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d022ac21ebcb441314b80b6d8f0656939f2480e5 13-Apr-2016 Todd Kennedy <toddke@google.com> Fix parse flags

Setting PARSE_IS_SYSTEM to the parse flags happens long after the
APK is actually parsed. So, we fail to pick up the boot aware and
protected storage attributes. Instead, always pull them from the
manifest, but, remove the flags if the package is not actually a
system package.

Also, we were incorrectly skipping certificate verification if
the flag PARSE_IS_SYSTEM was set. However, this flag is used for
_any_ system package -- whether it's physically on /system or if
it's an unbundled update. Instead, we should only skip this step
if the flag PARSE_IS_SYSTEM_DIR. We can implicitly trust any
APK actually stored in /system.

On a different note ... At some point, we will break apart the
parse flags into actual parse flags [i.e. those that change
physically parsing an APK] and policy flags [i.e. those that
change the interpretation of the APK contents].

Bug: 28116074
Bug: 28088617
Change-Id: I85246b0cb18fb5647df3618107910e288137fbc7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a9c2500a6863dabdd786f17a25ce0bf3683109a2 14-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Disallow disable of the system shared libs.

bug:28173410

Change-Id: If731f2d90312a083bb940f83431ba3eccf213947
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ef1982af8f6669b6ab0ea2468f63503bc3453c5 13-Apr-2016 David Brazdil <dbrazdil@google.com> Remove UsageStats post-OTA package update filter

Filtering packages for boot-time post-OTA update with
UsageStatsManager idleness API is too aggressive and leaves out even
apps used heavily in the foreground. Remove for now.

Bug: 27902702
Bug: 28161327

Change-Id: I7912f9ad5d8c6206c19068a76383e370d24818db
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fc5f9f512752ccf72707cc59927ad31f7828e1ec 13-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't kill apps when only clearing caches." into nyc-dev
7b6c731fd83d9dbb5b42021ac42f8164b64dbacc 13-Apr-2016 Jeff Sharkey <jsharkey@android.com> Don't kill apps when only clearing caches.

Bug: 28152575
Change-Id: I469e87a75ce7ce6ddfeb934e00f8087cddcaa30a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0a6a6dbe9107a3e31d74293f853b46ae0e5b9e7b 13-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Added api to delete cache files for a given user" into nyc-dev
78c9eb8947538f63d2e06684663d400991dfff8f 13-Apr-2016 Suprabh Shukla <suprabh@google.com> Added api to delete cache files for a given user

Added an api to delete application cache files for a specific user. This
allows settings to clear cache files for work profile apps as well.

Bug: b/25338468
Change-Id: I52d4944a7a03b6d63ad44dd6bb868aec62815eab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2376f9d35f43db645a3f043cdfaa2f4fd3e27640 13-Apr-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't count system partition code against size." into nyc-dev
f8173ca8ac0efef39c79d732fd9eee80d1066302 13-Apr-2016 Philip P. Moltmann <moltmann@google.com> Set label for links to resolver activities.

Also: Add specific labels for capture-image-intent.

Fixes: 20134921
Change-Id: I3678def1089512a8340f19110645a03379c26cee
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
959586b9a9ca96a70c2232af0f99696a369d1b1d 13-Apr-2016 Jeff Sharkey <jsharkey@android.com> Don't count system partition code against size.

Bug: 28136734
Change-Id: I2b843b13c493bbf78c2ad9dd7d75faa302e3a11b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b53874e71459af4461d12fa626a39d02d98cf2b3 11-Apr-2016 Jeff Davidson <jpd@google.com> Merge changes from topic 'carrier-app-race' into nyc-dev

* changes:
Disable preinstalled carrier apps earlier in boot.
Move CarrierAppUtils into frameworks/base/telephony.
f86ce783c6726694ad9f6d5e9b5d3b58c3b7e09c 11-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Add systrace for resolveIntent()" into nyc-dev
42cf25f735d0984e908bc30a948c631b39f2fd42 11-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Don't allow userID changes on upgrade" into nyc-dev
ace80c56d7c63dadead34539b643f69a1b7336e8 11-Apr-2016 David Brazdil <dbrazdil@google.com> Retry compiling a previously failing package after update

BackgroundDexOptimizer (BDOS) keeps a list of packages it attempted
to compile but dexopt failed. Once such a package is put on the list,
it is never removed from it until reboot.

This CL modifies BDOS to accept notificiations from
PackageManagerService on recently installed packages and removes
their names from the list.

Bug: 28082762
Change-Id: I0c3d3f657bd3ff5f0a61dfeef1d8174ed7be0b74
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6a3b2d2bc63254a412eb546ed371fce8f4337434 08-Apr-2016 David Brazdil <dbrazdil@google.com> Refactor return values of performDexOpt

PackageDexOptimizer.performDexOpt would return DEX_OPT_PERFORMED if
dexopt succeeded on the package and DEX_OPT_SKIPPED otherwise, even
if dexopt failed. This patch fixes that and cleans up the code.

PackageManagerService.performDexOpt* would return true only if
PackageDexOptimizer.performDexOpt returned DEX_OPT_PERFORMED.
Consequently, it would return false when dexopt was not needed. This
patch refactors the code to return true unless PackageDexOptimizer
returns DEX_OPT_FAILED and documents the behaviour.

Bug: 28082762
Change-Id: Ica73e67ab02025ef5619746bb8c465c96b72846b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4288419787120ce85a241a4b315d7d2123aa2d4a 10-Apr-2016 Jeff Sharkey <jsharkey@android.com> Use inode numbers for CE storage.

Certain operations, such as clearing/destroying app data, or just
counting on-disk size, require us to know the CE storage directory
of a particular app. To facilitate these operations, offer a method
to get the inode of a CE directory, and accept that inode number
for later operations. Collect and store the inode number in
PackageUserState for future use when that user's CE storage is
still locked. This design means it's safe to clear/destroy app
data in both CE/DE storage at the same time.

Move most installd-related methods to a uniform calling convention
that accepts a single parent PackageParser.Package, and internally
fans out to handle all "leaf" packages under that parent.

In previous releases, we started installing apps using a new
directory-based layout, where all app code, unpacked native libraries,
and optimized code is bundled together. So now we only have a single
path to measure for code size. This fixes several outstanding bugs
that were causing sizes to be miscounted for apps supporting multiple
architectures.

Fix a subtle bug in PackageSettings that would cause "notLaunched"
to be parsed incorrectly.

Bug: 27828915, 27197819
Change-Id: Ia582cf3550553292bde4bb4313367111332913ec
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d4041db120d7500e73e0132b03dfeffb84d402f5 09-Apr-2016 Jeff Sharkey <jsharkey@android.com> More freezing of apps when doing surgery.

We're still hearing rare reports of apps running while the system
is trying to do surgery on app code/data. To fix this once and for
all, start guarding all PackageManager critical sections by freezing
and then killing the app before doing surgery.

This is done by introducing a new PackageFreezer class which can be
used in try-with-resources blocks. It also handles child packages
uniformly, and it uses CloseGuard to defensively un-freeze packages
if a caller leaks without closing.

The set of frozen packages is now maintained outside of PackageSetting
to support newly installed packages. Add docs for the various locks
and method syntax conventions, including the new "LIF" syntax which
indicates the caller is responsible for freezing the package being
worked on.

Bug: 27698554
Change-Id: I64c4c48123060ccb4d4c50c2fbf3ef223c01e659
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c289922beed948220bc876feb5929ab4f86096e9 08-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Fix NPE for MATCH_FACTORY_ONLY" into nyc-dev
421d8f5fab1c4f1729d735935264d6fc3054a073 08-Apr-2016 Todd Kennedy <toddke@google.com> Fix NPE for MATCH_FACTORY_ONLY

Bug: 28087606
Change-Id: Ib86c5189aa9a9ca87504625dd19bdeab56fd4967
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f7593344ddb9739df629783482aba81da984ffa0 08-Apr-2016 Todd Kennedy <toddke@google.com> Don't allow userID changes on upgrade

Changing userID's on upgrade lead to all sorts of bad behaviour, so,
don't allow it.

Bug: 28075981
Change-Id: I4861603f4607d7bd85fa24951a62a00dadd6eeec
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cea732185fd1b8560a3732116b6092975c254437 08-Apr-2016 Selim Gurun <sgurun@google.com> Merge "Corrections to processing abioverride flag" into nyc-dev
b4e39f5b2fcb74259a0a33ac4ad3d07a0073204f 08-Apr-2016 Sudheer Shanka <sudheersai@google.com> Merge "Prevent apps from uninstalling packages that are not installed by them." into nyc-dev
8f035a3c1725570c0932d64ec45b999fd12fcd86 08-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Make ext libs a part of AOSP and mandatory" into nyc-dev
5c8acb4380874d7793ba4e44fd3f7baa9a0cb692 08-Apr-2016 Selim Gurun <sgurun@google.com> Corrections to processing abioverride flag

Bug: 28043974

One of the parameters to Settings class wrongly passes the secondaryCpuAbi
as CpuAbiOverrideString causing mayhem for multiarch libraries. Use the
correct param.

Further, for multiarch, the cpuabioverride flag is ignored. Remove the
check for cpuabioverride when checking for use32bitabi flag.

Change-Id: I7eff057031e3ddb18fcce6f380658a522af8b64d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
828166bca4b21c38e59c1d6d651555095dee33a3 08-Apr-2016 Svetoslav Ganov <svetoslavganov@google.com> Make ext libs a part of AOSP and mandatory

bug:27698377

Change-Id: Ic98d18f90f9b735e49ff6a7801835b6432ec86de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e68b127525c23e8e0cbe1e9dee75534d99e2833d 07-Apr-2016 Jeff Davidson <jpd@google.com> Disable preinstalled carrier apps earlier in boot.

Preinstalled carrier apps start in state DEFAULT (== ENABLED); the
telephony stack marks them as DISABLED_UNTIL_USED during
initialization, and eventually ENABLED once a SIM for that carrier is
inserted.

However, this can cause a race as telephony initialization may happen
after the carrier app is started, while it is still in the DEFAULT
state. In this case, the app is disabled, and though PackageManager
will subsequently kill it, this may lead to a race as the app will
briefly remain running while disabled. In this state, crashes are
likely to occur in the app.

So, make sure we perform the first disable as soon as PackageManager
is ready. This ensures the app is not started until it has been
explicitly enabled.

Bug: 27821069
Change-Id: I771d7dde7880fd98b1df3d011be44164abf402f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9d8da4cdf182643cd015bbf7a8ae1da9e53eb8b4 07-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Only parse an APK once" into nyc-dev
70f08d9eb176b47568b92c9486c2ac702911a864 07-Apr-2016 David Brazdil <dbrazdil@google.com> Merge "Do not update idle apps on OTA" into nyc-dev
d9d438ac4e851275abb4ddc6671f74701e07b4fc 06-Apr-2016 Todd Kennedy <toddke@google.com> Only parse an APK once

During package installation, we were parsing the APK twice; once
in the context of the PackageInstaller and once in the context
of the PackageManager. Instead, the installer should just pass
the certificates to be used further in the process.

If the PackageManager doesn't receive certificates [or, if there's
an error using them], it will fallback to re-parsing the APK.

Bug: 27502465
Change-Id: I94ce551af54eaa9916228e933134debe50867d21
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
29283375831d6ccf04b60d02af03e4268d79c454 05-Apr-2016 Sudheer Shanka <sudheersai@google.com> Prevent apps from uninstalling packages that are not installed by them.

Bug: 27404193
Change-Id: Ib8868d6522fc3e41526c6909fc6ea531f344e676
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e11eb10e8d994b49e6e04cd14fccb402f8f48ec9 06-Apr-2016 Russell Brenner <russellbrenner@google.com> Merge "Match SUW package after FBE reboot" into nyc-dev
4bb80305fbb1e9552392b139ba367317d8dffba2 06-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Move cert tracing to PackageParser" into nyc-dev
0f4bc2b8002b927290dc84403bb0255e4c4a9079 06-Apr-2016 Todd Kennedy <toddke@google.com> Move cert tracing to PackageParser

Tracing for cert collection in PackageManagerService was only
catching one of a couple usages. Move tracing lower in the
call stack to ensure tracing exists for all calls.

Also added a new tag to differentiate between verifying v1 & v2
signatures.

Bug: 27502465
Change-Id: Ie29f326e44f32cdbea1572714689c82f07ca12ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d69c9e7efbb4983527acf5c4feca9d1fde7b611d 06-Apr-2016 Russell Brenner <russellbrenner@google.com> Match SUW package after FBE reboot

Add MATCH_DIRECT_BOOT_* flags when querying for SUW package.

Bug: 28027590
Change-Id: Ibd454340053ce24299f316e92cd6ec6b350d695e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ae4cde1ccebd41c9ca1af555c0a1a2580c3d7e1c 06-Apr-2016 David Brazdil <dbrazdil@google.com> Do not update idle apps on OTA

Modifies the PackageManagerService.updatePackagesIfNeeded to filter
out packages which are considered idle by the UsageStatsManager.

Bug: 27902702
Change-Id: I8847dfc283e0246265009effb6394bb774848eb3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0fd0f893dd5fc45f14ef1c33f359cd7fcbb52432 06-Apr-2016 David Brazdil <dbrazdil@google.com> Re-enable Optimizing apps dialog

Bug: 27350503
Change-Id: I98ae03571817792265780c9283b395c323638e14
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
40ccfdd831ce76e2f1df84a9d4b865f5cf8b65aa 04-Apr-2016 Alex Klyubin <klyubin@google.com> Permit package downgrades on debuggable platforms.

This is to make it easier to test on debuggable builds. Debuggable
platform builds trade off being as close as possible in behavior to
non-debuggable builds and being more testable/debuggable. Thus,
debuggable platform builds make no security guarantees and it is thus
acceptable to disable this security mechanism on debuggable platform
builds to help with development/testing/QA.

Bug: 27327503
Change-Id: I19340b95f08c57ff2aba59a08babb6a941c93c3a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6dffdf82857e4016c6fb953039b0508cb1fd0f71 04-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Fix intent filter priorities" into nyc-dev
893e097157c68d94dbcb22e21cbc8d3b39965670 04-Apr-2016 Svet Ganov <svetoslavganov@google.com> Kill app if revoking a permission while resetting app prefs

bug:25895994

Change-Id: I78616ab5f9addbd91d2f4d12a8161544f482ec43
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5585dd971e265cbb3a515bb759710646c5bc6f63 29-Mar-2016 Todd Kennedy <toddke@google.com> Fix intent filter priorities

There are now three rules that guard intent filter priorities:
1) Only privileged applications will be granted a >0 priority
filter [previously, _all_ system applications could do this]
2) There are certain actions that are considered protected [eg
ACTION_VIEW, ACTION_SEND, ...] and even privileged applications
will NOT be granted a >0 priority filter. There is one, and
only one, exception for the SetupWizard.
3) Updates will NOT be granted a priority greater than the priority
defined on the system image.

Bug: 27450489
Change-Id: Ifcec4d7a59e684331399abc41eea1bd6876155a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7efb7eff63ba7c57de918afba9140d74a816ecc6 01-Apr-2016 Todd Kennedy <toddke@google.com> Add systrace for resolveIntent()

Bug: 27792581
Change-Id: I2dfd362c1e04c124827118e3822536832e79b537
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3ccb35421d642e96048d5cdeb60043634933267d 01-Apr-2016 Russell Brenner <russellbrenner@google.com> Merge "Add new protection level for setup wizard" into nyc-dev
02424676c68e23f44432ef0e379d65ddd9c3a786 01-Apr-2016 Todd Kennedy <toddke@google.com> Merge "Allow retrieving info /system components" into nyc-dev
b23346639b66783c1662fd8ffa5345ef5cef336c 23-Mar-2016 Russell Brenner <russellbrenner@google.com> Add new protection level for setup wizard

Adds PROTECTION_LEVEL_SETUP, a privileged permission for use only by
the setup wizard.

Bug: 20016740

Change-Id: Ib95e349c54d5d12465bf43162975dfb628ef2434
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d6ee0ba57906f83f45ca2a2cd835d7ff6e7a88df 01-Apr-2016 Todd Kennedy <toddke@google.com> Allow retrieving info /system components

Generally we return info for the latest installed package; which could
either be a built-in [i.e. on the /system partition] package or a user
updated package. In certain circumstances, we want to be able to get
the version on the /system partition regardless of whether or not the
user has updated it. We do this by passing MATCH_FACTORY_ONLY to
getPackageInfo().

Bug: 27469181
Change-Id: I8dd1d110e2d72e5c6f024812d0b5d15d8b217347
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aa604694450539b4c99901b0714efaa79db3c87d 31-Mar-2016 Andrei Stingaceanu <stg@google.com> Merge "AfW - suspend apps - API polish" into nyc-dev
2c0ae91f2d22b2c9a3b506d3a7f60bc31f72c57d 31-Mar-2016 Jeff Sharkey <jsharkey@google.com> Merge changes Ifecff4f1,Ia302de46 into nyc-dev

* changes:
Make preferred activities direct-boot aware.
Make Parcelable classes final, API cleanup.
0436b1d5a21a2f42d77992a4429f01601676d3e8 31-Mar-2016 Jeff Sharkey <jsharkey@android.com> Make preferred activities direct-boot aware.

When matching a list of ResolveInfo against the preferred activity
list, we shouldn't mutate the preferred set based on activities that
might be hidden due to the user being locked.

Bug: 25578136
Change-Id: Ifecff4f11c7fddef3eed04325d396f7c43d6703a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1bd064f04b77f2f1ba5edd487372887753a49ac6 30-Mar-2016 Andreas Gampe <agampe@google.com> Merge "Package Manager: Remove force-compile on boot" into nyc-dev
ecb34651be8b69de5aaedf9a9651d366e336d3a3 30-Mar-2016 Andreas Gampe <agampe@google.com> Package Manager: Remove force-compile on boot

With ART commit d1537b569b6, the underlying issue is fixed.

Bug: 27618311
Bug: 27676766
Bug: 27693977
Bug: 27915086
Change-Id: Ib6e85e47daf3d2ceab1e5abe615610790ac6947f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b67b5b9f3c947fc6d835459f0e880eb5fcaad50b 30-Mar-2016 David Brazdil <dbrazdil@google.com> Merge "Move OTA package update before fstrim, hide "Optimizing apps" dialog" into nyc-dev
f5c444ffd4fdce4fab939fcd88f163288dc804c5 30-Mar-2016 David Brazdil <dbrazdil@google.com> Move OTA package update before fstrim, hide "Optimizing apps" dialog

This patch moves the updating of packages before performing fstrim,
which runs asynchronously anyway, and stops showing the UI dialog.

Bug: 27350503
Change-Id: I6fceda10d7696f9badb97978fb9dc7927d698a4b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d65bdcad08c3b2df041136db75ab686e666196ec 30-Mar-2016 Calin Juravle <calin@google.com> Merge "Fix profile deletion in package manager" into nyc-dev
b52a461851f322b0edf3cb9383da5f449b533311 21-Mar-2016 Michal Karpinski <mkarpinski@google.com> Moving app process logging from AMS to PMS

Bug: 26796347
Change-Id: I21894c2edb41929f6ecd3880667c53e00acef677
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2d71f41beab55fdc038f07ec109e4223fb162343 28-Mar-2016 Calin Juravle <calin@google.com> Fix profile deletion in package manager

- there's no need to call deleteProfiles during uninstall. The app data
will be destroyed and profile clean up is part of that process. This
allow profile data belonging to other users to survive.
- the 'destroy' if-then-else branches were reversed.

Bug: 27081617
Bug: 27896463

Change-Id: I5b532a5fd6fea1852f0e6920d4e024bd43f9f99a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
efc4a344a173ae20ec72b8c05c45b794687fda87 22-Mar-2016 Andrei Stingaceanu <stg@google.com> AfW - suspend apps - API polish

* renamed getPackageSuspended => isPackageSuspended
* does not return false for an error, instead throws
NameNotFoundException if the package could not be
found, or if there is an unknown RemoteException,
wraps it in a RuntimeException and rethrows.

Bug: 27532430
Bug: 22776761
Change-Id: Iee00600089b1c0556a3312b10456826464fa8f9f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fc41ea320f203afa182c7f5816b2ae8072132dd1 26-Mar-2016 Andreas Gampe <agampe@google.com> [STOPSHIP] PackageManager: Add package setting flag for N upgrade

First upgrade to N level needs to compile apps with the first-boot
reason, as profiles are missing. The SDK level check does not work
for the preview, as the version is not incremented, yet.

Add a flag to the package settings to track the status.

Note: STOPSHIP, this will be reverted before release.

Bug: 27689078
Bug: 27872764
Change-Id: Ifd460d5235348f041ef64c9b61068af47113ddcb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5e72702e4ddfaba9f3d723446e60408e169800b 28-Mar-2016 Jeff Sharkey <jsharkey@google.com> Merge "Freeze apps during upgrade, check if uninstalled." into nyc-dev
c9b329ed8e422d7be0717b41efc2007493d71504 28-Mar-2016 Jeff Sharkey <jsharkey@android.com> Freeze apps during upgrade, check if uninstalled.

When an app is actively being upgraded, mark it as being "frozen"
to prevent it from being launched in a weird state. Also verify that
app is actually installed before letting Zygote fork it, working
around race conditions during user setup.

When the ProcessRecord of an ActivityRecord is inconsistent,
warn about it, but correct it and keep moving if the UIDs match.

Bug: 27200022, 26205678
Change-Id: I6628cf1cece5613f07647e0acc2d49265e69dc69
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6823f6d038c296cadda20e0b8d75ae08cbf677c3 26-Mar-2016 Andreas Gampe <agampe@google.com> PackageManager: Introduce first-boot dexopt reason

On first boot and when upgrading to N, there are no profiles for
apps. Add a new dexopt reason to allow to adjust the compiler
filter for this case.

Bug: 27689078
Change-Id: I7d68e02fe129c8dd12cb210df555bbb6dfc1487b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e1cf49e0d7b82f3e8486663b44cf4be419d207c4 25-Mar-2016 Calin Juravle <calin@google.com> Merge "Delete app profiles only during updates and uninstalls" into nyc-dev
43fc2447df2354fcb7b843a86b1c266946ca5702 25-Mar-2016 Andreas Gampe <agampe@google.com> PackageManager: Move compilation reasons to PMS

Move the reasons to PackageManagerService (making them public) so
they can be used by clients.

Bug: 27189430
Change-Id: I30e1f823f9297e95c5b1e389004a4fd3052d5702
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bdd30d86ef98456161069d11481b2ccd25a11b4e 20-Mar-2016 Andreas Gampe <agampe@google.com> Frameworks/base: Refactor package manager

Introduce a mapping between dexopt reasons and compiler filters. Use
reasons in package manager and other classes, where possible.

Change PackageDexOptimizer to accept a compilation filter. Adapt for
the split-out profile merging. Pass compilation filter to installd.

Bug: 27689078
Change-Id: I8c0ea6f10fbfdbd096adecc52abfd2466d048fdc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d6d27e3afb9046b4d5041c9ae484054b175fca39 23-Mar-2016 Calin Juravle <calin@google.com> Delete app profiles only during updates and uninstalls

Apps code doesn't change across OTAs so keeping profiles alive will help
have a base for OTA time optimizations (e.g. verify based on profiles to
speed up app startup).

Split claring and destroying the profiles in two different methods,
consistent to how application data is cleared/destroyed.

Bug: 27081617
Bug: 27688727
Change-Id: Ie375499075be990f4f046c8cc2029d80321d5eb5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8a8e68ce3b2b84174661dda1eb089db80c853b65 22-Mar-2016 guoyin.chen <guoyin.chen@freescale.com> com.android.cts.appsecurity.AdoptableHostTest may trigger below dead
lock in system_server in the board with external adoptable storage
as below stack:

"Binder_4" prio=5 tid=60 Blocked
at com.android.server.pm.UserManagerService.exists(UserManagerSer
vice.java:411)
- waiting to lock <0x06858aff> (a android.util.ArrayMap) held by
thread 19
at com.android.server.pm.PackageManagerService.checkUidPermissio
n(PackageManagerService.java:3193)
at android.app.ActivityManager.checkComponentPermission(ActivityM
anager.java:2647)
at com.android.server.pm.UserManagerService.checkManageUsersPermi
ssion(UserManagerService.java:678)
at com.android.server.pm.UserManagerService.getUsers(UserManagerS
ervice.java:272)
at android.os.UserManager.getUsers(UserManager.java:966)
at com.android.server.MountService.resetIfReadyAndConnectedLocked
(MountService.java:800)
at com.android.server.MountService.forgetAllVolumes(MountService.
java:1806)
- locked <0x077010cc> (a java.lang.Object)
at android.os.storage.IMountService$Stub.onTransact(IMountService
.java:1859)
at android.os.Binder.execTransact(Binder.java:453)

"PackageManager" prio=5 tid=19 Blocked
at com.android.server.MountService.getVolumeList(MountService.jav
a:2708)
- waiting to lock <0x077010cc> (a java.lang.Object) held by threa
d 60
at android.os.storage.StorageManager.getVolumeList(StorageManager
.java:883)
at android.os.Environment$UserEnvironment.getExternalDirs(Environ
ment.java:83)
at android.os.Environment.isExternalStorageEmulated(Environment.j
ava:719)
at com.android.server.pm.PackageManagerService.isExternalMediaAva
ilable(PackagkageManagerService.java:9453)
at com.android.server.pm.PackageManagerService.startCleaningPacka
ges(PackageManagerService.java:9493)
- locked <0x06858aff> (a android.util.ArrayMap)
at com.android.server.pm.PackageManagerService$PackageHandler.doH
andleMessage(PackageManagerService.java:1331)
at com.android.server.pm.PackageManagerService$PackageHandler.han
dleMessage(PackageManagerService.java:1133)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.os.HandlerThread.run(HandlerThread.java:61)
at com.android.server.ServiceThread.run(ServiceThread.java:46)

Signed-off-by: guoyin.chen <guoyin.chen@freescale.com>
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8a372a0a280127743ce9a7ce4b6198c7a02d2a4f 16-Mar-2016 Jeff Sharkey <jsharkey@android.com> Refactoring FBE APIs based on council feedback.

Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.

Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f9124ecad9ec20f572df8cdca6f985ef3f97210d 17-Mar-2016 Benjamin Franz <bfranz@google.com> Merge "Flush package restriction changes for a user." into nyc-dev
4828a59d68570270875d43d29b1ee25b799a923d 16-Mar-2016 Makoto Onuki <omakoto@google.com> Add "pm set-home-activity"

This is needed to change the default launcher on CTS for
ShortcutManager.

- When the default set with DPM.addPersistentPreferredActivity() is
still stronger.

- Ideally we should unify the code with HomeSettings, but I couldn't
find a good way to do this.

- I didn't make it to work to set the default for any intents
because building an intent filter from a command line would be
painful.

Bug 27548047

Change-Id: I66b153c20c7796147f77214b483112629f9d80c5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bbb3ff2b2a29d42771a9ce2fe2d6f576cff62617 09-Jul-2015 Sudheer Shanka <sudheersai@google.com> Flush package restriction changes for a user.

Change-Id: I7c4481f820b6b368487d00de6c783e64cec99f4b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
49f6fbcd1f516ec543ada6aeab62eb51a3cdf712 14-Mar-2016 Makoto Onuki <omakoto@google.com> Merge "Implement the launcher side permission." into nyc-dev
2d5b465fa9235e66ec176f6d6ffaaa0c18143e41 12-Mar-2016 Makoto Onuki <omakoto@google.com> Implement the launcher side permission.

Only the default launcher can call the LauncherApps shortcut APIs.

Bug 27548047

Change-Id: I6d597fcad80c5201a2f93b8cbecd567fc79926d8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb5f2e572a5756c1213d1c9852ff55c5fd49e9ac 14-Mar-2016 Andreas Gampe <agampe@google.com> Merge "Frameworks/base: Extract packages after cache pruning" into nyc-dev
d7f9220a7cb7ea3b219c18a7ccd44b080fb23a39 12-Mar-2016 Andreas Gampe <agampe@google.com> Frameworks/base: Extract packages after cache pruning

In case the runtime pruned the dalvik cache on boot, run the package
extraction logic, so we have working oat files.

As the system server only runs in the primary ABI, this is best effort
and won't hit if only the secondary ABI has been pruned.

Bug: 27618311
Change-Id: I178d18d731a9dce5cb11ed0874c9c9c9d36d7d8e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab5ba2ef2a08440193d76cf2eb1fa8537394e44d 14-Mar-2016 Robin Lee <rgl@google.com> Specifically block suspending the package verifier.

Bug: 27635033
Change-Id: I65684239e0c1bcd710753ec76e436328a33f0967
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20be5d62471d520eed3a52d90c11944464a71c07 26-Feb-2016 Paul Lawrence <paullawrence@google.com> Add API to IMountService to get encryption state

Bug: 18002358
Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9aa6db03f0a317b8414af760b8b1ee6331bedc46 08-Mar-2016 David Brazdil <dbrazdil@google.com> Add option to clear profile data to 'cmd package compile'

Adds an option which clears all profile data of a given package.

Bug: 27516490
Change-Id: Ie83ef1f06ca47d35ffb206c29341dc68166afeb3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
990fb6b5c91be62078a698ee1c01e24d33364c85 01-Mar-2016 David Brazdil <dbrazdil@google.com> Add option to compile all packages with 'cmd package compile'

To help investigate performance regressions, an option is added to
'adb shell cmd package compile' to compile all packages with the
given mode.

Bug: 27391290
Change-Id: I70a3a518e08b54535bb34f13f0cedda3a1f7085f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdc5ba8f43e09cfbc8f5de0bf819b7684094953e 05-Mar-2016 Jeff Sharkey <jsharkey@google.com> Merge "Move more PM calls to ParceledListSlice." into nyc-dev
d5896630f6a2f21da107031cab216dc93bdcd851 05-Mar-2016 Jeff Sharkey <jsharkey@android.com> Move more PM calls to ParceledListSlice.

Since the data returned by these calls can grow unbounded based on
various GET flags, we need to switch 'em over.

Bug: 27391893
Change-Id: Ie849ca30dbaaa91158da4c83675657715629a0ee
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e1fd7f09d5149055b8ad7bcf24846ecd8d87027a 04-Mar-2016 Suprabh Shukla <suprabh@google.com> Merge "Not clearing data for a package that is a DO or PO" into nyc-dev
d04525214b9a999339cd553a22b95b52debecde5 02-Mar-2016 Suprabh Shukla <suprabh@google.com> Not clearing data for a package that is a DO or PO

Added a check inside PackageManagerService to make sure data for a
package with a DO or PO for the running user is not cleared. Currently,
the 'pm clear' command goes through without any such checks.

Bug: b/27243904
Change-Id: I87d4ad2db031f47946f34627a5ee465ef144f85e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0fe4945006fe6c4f5c518dde57728af1c99cb0b3 04-Mar-2016 Andreas Gampe <agampe@google.com> Merge "Frameworks/base: OtaDexopt needs to move artifacts on boot" into nyc-dev
e8498cd0066113068f2b0294144837546f213bd1 03-Mar-2016 Todd Kennedy <toddke@google.com> Merge "Splits without restart" into nyc-dev
abcbe2f62e6278d8aeb0b8c302d23aeae59899d4 26-Feb-2016 Andreas Gampe <agampe@google.com> Frameworks/base: OtaDexopt needs to move artifacts on boot

Make OtaDexoptService a bootstrap service. It needs to start
immediately after the PackageManagerService so that it can move
A/B artifacts into their new place.

Add a method to Installer for the move.

Bug: 25612095
Change-Id: Idcf759b3c947088b416d54d2fa269ef27daf93ab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0c9ef61944e883219dd167f765a504ab8cdb7710 03-Mar-2016 Calin Juravle <calin@google.com> Merge "Better handling of various types of compilation in DexOptimizer" into nyc-dev
925cc2a066889bb8b02493fafd5344bf8b2e9136 03-Mar-2016 Jeff Sharkey <jsharkey@android.com> More protected broadcasts!

Bug: 26144973
Change-Id: I56f047d7e4b9d7bcf1ac40c98ee381badd909057
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
693f997cc8b8c2ba8d3ed29627b2641dd86392a5 25-Feb-2016 Calin Juravle <calin@google.com> Better handling of various types of compilation in DexOptimizer

From the runtime perspective extract-only/profile-guide-compiled/fully-
compiled oat files are up-to-date and don't need dex2oat. However,
wihout knowing the exact "class" of the aot file we are not able to do a
full compilation of something previously only-extracted, or limit
profile-guide compilation to only previously profile-guide or extract-
only oat files.

GetDexOptNeeded now accepts a mask of desired types of compilation
that the runtime takes into account when advising what's needed.

This CL adds the necessary handling in DexOptimizer.

Also:
- removes the contraint to use extract-only oat files only when
profiles are enabled.
- removes mDexOptPerformed which interfere with the different types of
compilation and only saved a call to GetDexOptNeeded.

Bug: 27189430
Change-Id: Iced2bdcc3aa7866ff888a3bace43f4b71fffb353
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
39bfee5e3674faea992c32204abc1c03429b8cda 24-Feb-2016 Todd Kennedy <toddke@google.com> Splits without restart

In specific cases [as determined by the installer], we can install
splits without restarting the application. The split must be purely
additive [i.e. it should not modify class(es)/resource(s) defined
in the base or other splits. Otherwise, the behaviour could be
inconsistent [e.g. if a modified class was already loaded, the
modified version won't be loaded until the process is restarted].
The platform does not perform any verification that the split is
purely additive.

Bug: 26463098
Change-Id: I3526c3b1b847a8e0afabc7a4787fa770422196b7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f7d47f91feeffb75761b339cb14c631cc18d3728 02-Mar-2016 Jeff Sharkey <jsharkey@android.com> Start unaware persistent apps after user unlocked.

Otherwise we'll never start them. In particular, this fixes NFC.

Bug: 27360562
Change-Id: I9d430b1e377e63b35060b234f585ac180a369ad2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4f858aaa5a7ef493e79e6d35a8d526f5d8de97e9 01-Mar-2016 Todd Kennedy <toddke@google.com> Merge "Revert "Revert "Remove deprecated methods / classes""" into nyc-dev
c453905afc9c4c320ac599b748d89fbb85c3e079 01-Mar-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Fixed handling of blockUninstall setting" into nyc-dev
5fea67e88e9c5a98a047546af87ecfce01d48298 01-Mar-2016 Amith Yamasani <yamasani@google.com> Merge "Heed user shell restriction for pm calls" into nyc-dev
a67932374dbbfbe4c6440d223fc7922b313dd957 24-Feb-2016 Todd Kennedy <toddke@google.com> Revert "Revert "Remove deprecated methods / classes""

This reverts commit 5cbeb5902633646fbc0a1be252081e77aaaee7b4.

Change-Id: Id96010364d65e6131221ebbcc8ce5889a2da256c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c4967e71614c46a860564d60dda34bf8b928bd3e 19-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Fixed handling of blockUninstall setting

Previously, if one user has blockUninstall, it will block uninstalling
the package for all users. Now the package is uninstalled for all users,
excluding the ones that have blockUninstall setting.

Bug: 24616123
Change-Id: Ie4a68ef97fbef4711b18ccd311e39f32ab4b8efe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5ebdefd0dbfb1861858b33efd729e6114e67d888 01-Mar-2016 Amith Yamasani <yamasani@google.com> Heed user shell restriction for pm calls

Make sure that a restricted user cannot use adb shell commands
to grant/revoke runtime permissions.

Bug: 27418014
Change-Id: I518b09f56ca7d77cc2bfa1d0b4faaf129e19000d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6ac25c5641f7ce1ccb5387e69210d0d3d21b515d 29-Feb-2016 Svet Ganov <svetoslavganov@google.com> Fix uninstalling apps with damaged/gone APK files

bug:27394497

Change-Id: I0d0317f2d7168be4412a24d34a9f23f04c6d8601
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca6abfd9d6c815053a89cf5c2bac11375b7de487 29-Feb-2016 Jeff Sharkey <jsharkey@android.com> Delay migration until after user is prepared.

We don't have a vold connection early in the PackageManagerService
constructor, so we can only migrate the system user at boot. We now
migrate other users only after they're explicitly unlocked by
UserManagerService.

Bug: 27330415
Change-Id: I29f21714acf65a598b8df496af0f7d2cb1d247c4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b15a71913eaea4d2e7063437b3d1a8db5d98c221 28-Feb-2016 Jeff Sharkey <jsharkey@android.com> Avoid NPE when deleting package during boot.

Bug: 27314561
Change-Id: I7cf854a9db6224ad927ca8c9b4c2641b2841fe7e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e6ddf45e6b78c83a60a050f3999eab86f712a403 25-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Merge "Call prepareAppDataAfterInstall without mPackages lock" into nyc-dev
3fb5b5d29c1cdb2ec094da6eff37ee6298470bbd 25-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Call prepareAppDataAfterInstall without mPackages lock

prepareAppDataAfterInstallInternal may call into ActivityManager which will
try to obtain a lock in a reversed order, which causes a deadlock.

Bug: 27336728
Change-Id: I91bb74cd06c6aa6cee057bab5972b0275d12125b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
86ea8f002c921921ae2e3f205e0e7d48c1e375a7 23-Feb-2016 Andrei Stingaceanu <stg@google.com> Suspend packages - decline suspending privileged apps

Because there is a high risk of making the system instable.

Bug: 22776761
Bug: 26949256
Bug: 26949428
Bug: 26683041
Change-Id: I73b3f05c13b5023db5176e709320ca6e2e5f6354
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c008d3f196da804eada77e00119addf2a08544de 25-Feb-2016 Alex Klyubin <klyubin@google.com> Merge "Disallow downgrading of non-debuggable packages." into nyc-dev
fe01ea05dd196acaf95a61e169f6b75654ae0875 24-Feb-2016 Todd Kennedy <toddke@google.com> Merge "Revert "Remove deprecated methods / classes"" into nyc-dev
5cbeb5902633646fbc0a1be252081e77aaaee7b4 24-Feb-2016 Todd Kennedy <toddke@google.com> Revert "Remove deprecated methods / classes"

This reverts commit 9706c01f9b92cee64bb84782138735225c8588e0.

Change-Id: I14c53ab140220e48f6728b1173ea58760bbeb7f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
921dd754ab49df0cd580ff96503f7616c4c85f4a 24-Feb-2016 Alex Klyubin <klyubin@google.com> Disallow downgrading of non-debuggable packages.

An attacker could downgrade a package to an older version with known
security vulnerabilities and then use some of the vulnerabilities to
access the application's data. This would constitute a bypass of
Android Application Sandbox. Thus, downgrading while keeping
application data is no longer permitted.

To help developers debug their apps, packages marked as debuggable can
still be downgraded while keeping their data. This does not put the
installed base at risk because, as a security measure, most
application stores reject packages marked as debuggable.

To downgrade a non-debuggable (i.e., release) package, uninstall the
package (thus wiping its data), then install the older version of the
package.

Bug: 27327503
Change-Id: Iac75ed3c3831b5d925dfd8b660527cfa95813da8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fe939916a6d9bd092b782e6fd21856b574467d88 24-Feb-2016 Tony Mak <tonymak@google.com> Merge "Fix personal apps are not shown when tapping "personal" in activity chooser" into nyc-dev
ca67844e0c6b564970b8d329009c0d110888a3fc 24-Feb-2016 Todd Kennedy <toddke@google.com> Merge "Remove deprecated methods / classes" into nyc-dev
53ec2b6127255c9cd556be55265b4ec53aeb65bc 24-Feb-2016 Tony Mak <tonymak@google.com> Fix personal apps are not shown when tapping "personal" in activity chooser

It is introduced in ag/842541.
function isMatch return flage when Flag that are neither
MATCH_ENCRYPTION_AWARE and MATCH_ENCRYPTION_UNAWARE.

We should call updateFlagsForResolve before resolving any intent in order
to make sure the flag is set properly.

Bug: 26614039
Change-Id: I4da34a34cb515557d0f5948a4c9ec4da9bfeb3f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d6fd63d47f97d069821c1c761e36c7904a22b3fb 12-Feb-2016 David Brazdil <dbrazdil@google.com> Revive the "Optimizing apps" dialog

Since we do spend some non-trivial time extracting APKs at OTA, we
should show a descriptive dialog. Currently the screen would read
"Optimizing storage" which is misleading.

bug:26813999

Change-Id: I4954e3b486840b5d806db8b45242fdc8ca9d0379
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5eb148bab6ea49c4c646649692ae6769b9c4e54c 19-Feb-2016 Yohei Yukawa <yukawa@google.com> Merge "Stop granting default Contacts permission to IMEs." into nyc-dev
2271ba3627d18b65ed5ea63218cee7f9562acd31 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Push mapping of package name to appId to kernel.

The new sdcardfs kernel driver needs to know this mapping for
deriving UID permissions, so push the data through /config when
supported by the kernel. This also has the nice benefit of letting
us push only the deltas of what actually changes, instead of
re-parsing the entire "packages.list" file.

The mappings for newly installed apps are pushed before the app is
allowed to run, removing some latent race conditions. Also cleans
up stale mappings when packages are uninstalled, and whenever the
system server reboots.

Bug: 19160983
Change-Id: Iace92efb69616c96b34c0d9d911e4b54e5fd8a67
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
726c45970e35e3fff3eeb4d86c3b772db73adcc7 18-Feb-2016 Yohei Yukawa <yukawa@google.com> Stop granting default Contacts permission to IMEs.

This partially reverts the previous commit [1], which allowed special
components to be granted some pre-configured default permissions.

With this CL, we no longer grant Contacts permissions to pre-installed
IMEs. Rationals are:

1. Even without this CL, not the all pre-installed IMEs are granted
Contacts permission by default, because it was done during the boot
time where InputMethodManagerService is not yet completely
initialized. The current behavior is confusing not only for users
but also for developers.
2. In almost all the cases, IMEs are supposed to be able to work
without Contacts permission. Hence it is not too late to ask users
to grant the permission to the IME after the initial setup is
completed.
3. It is difficult to add new features such as File-Based Encryption
(FBE) with keeping the current implementation, because currently we
dynamically call mSettings.setCurrentUserId(userId) just to
enumerate what IMEs will be enabled for a given user. Adding
another condition (whether the user has already unlocked the device
or not) would make things more complicated.

Note that LatinIME has already support the case where Contacts
permission is not granted by default. It does not ask users for
anything until Setup-Wizard is completed, and requests Contacts
permission only when the user taps a message in the suggestion strip
that suggests users to use contacts name for typing suggestions.

[1] If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
adc1cf46045ae756d3a9ccbccf6b0f894e4c1edd

Bug: 24756974
Bug: 26743676
Change-Id: Ief2a40b5971b3eb97d765f934d20ce7f2ef25665
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
18026642213698fc095a9510c2431862d3a7f310 18-Feb-2016 Jeff Sharkey <jsharkey@android.com> Sigh, safe mode.

There are still system internals making assumptions about component
details always being available when requested directly, so relax this
even further to only filter resolve results.

Bug: 27165374
Change-Id: I216fd362516064741e9b80636b99e2d0477d4a58
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fc482c30b7a3c2cf7bc14d5c86de758a16f6433d 17-Feb-2016 Makoto Onuki <omakoto@google.com> Merge "[framework] Don't allow apps on external storage to be active admin" into nyc-dev
f34db0a17ee035c165a4e81e9192f73d2455bd1c 17-Feb-2016 Makoto Onuki <omakoto@google.com> [framework] Don't allow apps on external storage to be active admin

Bug 27149287

Change-Id: I6d959d2e66dc0b19f78e6135fbdcf45ca8551958
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eb84b1843a3f6805c6109c1d9d023550229a3fc5 26-Jan-2016 Andrei Stingaceanu <stg@google.com> Suspend packages - one call for multiple packages

Refactor setPackageSuspended into setPackagesSuspended. The rationale
is that the consumers of this API are likely to want to remove
multiple packages at once. Rather than calling the API N times, call
it just once.

The good part is that we already have the broadcast intent for
suspended packages take an array so only one broadcast. Less stress
on the system.

Another good part is that (right now) we only have one consumer of
this API and it will be easy to make changes once this CL goes in.

As a shell command, for consistency only allowed one package at
a time.

Bug: 22776761
Change-Id: Ic8b8cf64d0a288ea3a282bb7b72f9d663b3b0049
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9496df19ae7552370ec37cfb62cce3d919b0b116 12-Feb-2016 Andrei Stingaceanu <stg@google.com> Suspend packages - decline suspending the active launcher

Bug: 26953019
Bug: 26683041
Bug: 22776761
Change-Id: I7b65abff03aa32f5db8dce68364467a588facdac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5ae4e73ef0747c2d08a901f1a76d8fb8ee64a53a 17-Feb-2016 Andrei Stingaceanu <stg@google.com> Merge "Suspend packages - new API for retrieving the suspended status" into nyc-dev
9706c01f9b92cee64bb84782138735225c8588e0 13-Feb-2016 Todd Kennedy <toddke@google.com> Remove deprecated methods / classes

Now that we've moved the majority of system components to the
PackageInstaller, we can remove the majority of the "installPackage"
methods and the VerificationParams/ContainerEncryptionParams
classes. There are still some lingering references to the two
installPackage() methods left [both internal and external; play
is using these methods via reflection].

Bug: 24542768
Change-Id: Ib65323d842d9f0e7fed60e37e6b5f103c94c859b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
415dd94ae5c71aaef62b66463724544b44b1f41f 11-Feb-2016 Svetoslav Ganov <svetoslavganov@google.com> Fail fast when trying to delete a non-existing pacakge.

bug:26921392

Change-Id: I518cc43f3b1b28bd239093feead46107c62eb419
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
37fc7a7fc0aefc44162fa38d49d3079ced899f26 16-Feb-2016 Jeff Sharkey <jsharkey@android.com> More protected broadcasts.

These actions are owned by the system and should not be sent by
third-party apps for security reasons.

Bug: 27171917, 27169730, 27172357, 27163393
Change-Id: I3161cd3c1c37d26a92723b22878dc5aef6f30c47
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
355b232d7998cfc9b29d42a0356390e25191bcbd 12-Feb-2016 Andrei Stingaceanu <stg@google.com> Suspend packages - new API for retrieving the suspended status

Instead of always rebuilding the full ApplicationInfo for a
package when callers are only interested in the suspended status
add a new fast API in Packagemanager (which only checks the
suspended user setting for the requested package and returns
a boolean) and change the appropriate caller code too.

Bug: 26794775
Bug: 22776761
Change-Id: Ide8428ef734479360d5a8a75fd8e0ed8ddf2da7a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
115d2c189a46f535778d9dd0923f703ff2f888fe 16-Feb-2016 Jeff Sharkey <jsharkey@android.com> Add feature versions for devices and apps.

We're starting to see more instances of device features that will
increment separately from the SDK API level, such as camera HAL,
GPU capabilities, Bluetooth, and other hardware standards.

This change adds the ability for device features to specify a
version, which is defined to be backwards compatible. That is, apps
requesting an older version of a feature must continue working on
devices with a newer version of that same feature.

When a version is undefined, we assume the default version "0".

Bug: 27162500
Change-Id: If890bf3f3dbb715e8feb80e7059a0d65618482ea
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6ca265902d41a0553d15f660647410db6a3e889 15-Feb-2016 Jeff Sharkey <jsharkey@android.com> Filter components, prevent app start in safe mode.

When device is in safe mode, we're trying to keep third-party code
from running to give us a stable platform. The ideal approach would
be to treat these apps as temporarily "uninstalled" when in safe mode,
but not all system internals are ready for this.

Instead, go back to previous behavior where we simply filtered
non-system components. This isn't perfect, since there are still
cracks through which components can leak out (GET_ACTIVITIES, etc).

So as a last-ditch sanity effort, refuse to fork any third-party apps
while running in safe mode.

Bug: 27165374
Change-Id: I044ede02e923c499159faf59b12e79b97fe77fba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f4ff39c92be840d5f53c42cb02cef6b03a1ca70f 04-Feb-2016 Svet Ganov <svetoslavganov@google.com> Multi packages per APK - broadcasts

This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.

In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.

A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.

This change ensures that we send package broadcasts for child packages
when they are updated, removed, disabled, replaced, etc.

Sample app:ag/848432

Change-Id: I25b29c98152dcad9ede4d4eb040cc897b7f93426
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aa72470acb85d903471aac4da0c443b77b0eb55b 12-Feb-2016 Fyodor Kupolov <fkupolov@google.com> Merge "During update enable system apps for requested users only" into nyc-dev
6b4736d604fd91aaedc6f3fe9be5a1e757aab86c 04-Feb-2016 David Brazdil <dbrazdil@google.com> Apply 'used in last 7 days' filter to OTA package extraction

Bug: 26813999

Change-Id: I5f1eddb1d5e9f0bbaab62d86e6ccf3cc097c4edb
(cherry picked from commit e292175fbd495a63b48560439d2a84b239f91e18)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8212ae0aee1700b9c287ebadf15af8dacdc8eae6 10-Feb-2016 Jeff Sharkey <jsharkey@android.com> Consistent naming for internal storage APIs.

Also completely remove a few confusingly named deprecated APIs.

Change-Id: Ia7e4ea3190a97f0a7dfa9bebf2118da0866ec38f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e0feadcaac89739a4ae66055f75ee048d004b66f 10-Feb-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Add an API to query the package name of the services shared lib" into nyc-dev
d7b1f41109abee60ec8529369a85d84300b1d678 10-Feb-2016 Svet Ganov <svetoslavganov@google.com> Add an API to query the package name of the services shared lib

The servcies shared lib contains components apps can invoke such
as services to bind to, activities to start, UI choosers, etc.
This lib is built from AOSP code but an OEM may chage its
package name. For example, Google renames the package names for
GMS apps from android.foo.bar to com.google.android.foo.bar.
While we have more than one shared lib that are a part of the
platform (currently shared and services libs) the serivces lib
is the only one clients need to start components in, thus need
to know its package name. This change adds an API to query the
package name of the services shared lib. The API is hidden as
currently the only clients are a part of the system.

Change-Id: Ied48fa4819024522791764b22b3336d4f4b42cc3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4b72aab7fb063f99406577d4ac0beaeac174982a 10-Feb-2016 Fyodor Kupolov <fkupolov@google.com> During update enable system apps for requested users only

When a system package is updated, we now enable the package only for
requested users, i.e. userId or all users (if userId=USER_ALL).

Bug: 19063113
Change-Id: I7bd6166b16f4f8da593b4e7e4d9f5189cd02b45b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e476bf6aeb58ccdf1ae4e44c2e9319b52fe22001 09-Feb-2016 Svetoslav Ganov <svetoslavganov@google.com> Delete only the target user

bug:27094971

Change-Id: I5b43d59ff6edeefc0e05a6ec90d04d388e707c29
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2d291d89f957495917071282ac0afce9b65c5e26 06-Feb-2016 Selim Gurun <sgurun@google.com> Introduce a use32bitAbi flag

Bug: 26874366

On Multiarch apps, it might be necessary to prioritize 32bit Abi ahead
of 64bit ones. The use32bitAbi flag enables this.

This CL also reverts the public api changes in I2c1fd1d036efe72b28b5fe996416df69a583959f and Ie3ecea6d84e2cb1522e736a21c3a3a24ac62eb27. Previously
the same functionality was provided using a raw abi string that
utilized cpuabioverride flag.

Change-Id: Idce3cbfedd11ef9079ce8a2901e69d30b1cf9ef4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
354cd3ce2213a1032d9138ea6fa1420f055ab08c 17-Dec-2015 Svet Ganov <svetoslavganov@google.com> Multi packages per APK

This change introduces the ability to have multiple packages per
APK. The feature is currently restricted to privileged apps and
updates to such apps.

In essence the manifest can have multiple child package declarations.
A child package can declare everything an Android package can except
some tags or attributes that are not applicable and instead inherited
from the parent when needed. For example, the target SDK of the parent
applies to all children.

A child package can be updated only through the parent package.
A package with multiple child packages is installed, uninstalled
atomically - no partial installs where some child packages are not
installed.

The remaining work is to ensure broadcasts are also sent for child
packages. This will come in a subsequent change.

Sample app:ag/848432

Design doc: https://docs.google.com/document/d/18nFWtJuZchLxrHf5SBbJW03-Ky9Rh_G0-OVB14b6u78

Change-Id: I6fd021d981bf5786290e0c53502724a14c97358c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e4697136ed8d3e2486738b5798b22f2226b7de75 07-Feb-2016 Jeff Sharkey <jsharkey@android.com> Migrate default app data on non-FBE devices.

When a system app requests "forceDeviceEncrypted" they expect their
default app storage to point at a consistent location regardless of
device FBE support. So when booting upgraded non-FBE devices, we
may need to migrate any data from CE to DE. Note that on non-FBE
devices these are just semantic locations with identical protection.

This migration *only* works for non-FBE devices; changing
forceDeviceEncrypted flags on an FBE device always requires a full
data wipe.

Bug: 26668510
Change-Id: Ic5dfeaaf2db26c385901a638ca8ec35eb3c52859
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
47f7108c1270a9e81d9560b6b0570c659bb93a71 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Prepare user storage just before using it.

Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.

This also has the nice property that we only prepare storage when
we know that keys are unlocked.

Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fe54b11803e7940d23b6c540b2e6db738299702c 02-Feb-2016 Andreas Gampe <agampe@google.com> Merge "Frameworks/base: Add A/B OTA preopting"
0829fd4b269aafd0d64a93f00870c124bee877eb 02-Feb-2016 Selim Gurun <sgurun@google.com> Merge "Run 32-bit app in multiArch APK."
a89087542f774c585b6a6ec535fc294721710521 10-Nov-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Add A/B OTA preopting

Add an OTA Dexopt service. Refactor package manager service and
package dex optimizer to reuse some code. Add knowledge about
OTA flag to installer.

Bug: 25612095
Change-Id: I7dd6bb468fea44b9d3acf0ac7d7404fb02d0f30a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c9a0237f5f49f2ffa52affb1bfd3e190b2267f22 13-Jan-2016 Tao Bai <michaelbai@google.com> Run 32-bit app in multiArch APK.

Bug: 26874366

Change-Id: I2c1fd1d036efe72b28b5fe996416df69a583959f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84867864932d7b8ed20e2c31f4568cb16bcc020e 01-Feb-2016 David Brazdil <dbrazdil@google.com> Merge "Add 'package compile' shell command"
493411ace40a8b4a90be70576f361c5b7515f29d 01-Feb-2016 David Brazdil <dbrazdil@google.com> Add 'package compile' shell command

Bug: 26707406
Change-Id: I554969c9f3b3153179370d3d23a88fa7e8693885
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20a0e405aadd4a200834b70283c20ed34ae09336 01-Feb-2016 Nicolas Prévot <nprevot@google.com> Merge "Don't forward an intent if all handlers are suspended."
1990221c93499f3be64ba119c4c2def884df9cd9 29-Jan-2016 Andreas Gampe <agampe@google.com> Merge "PackageManagerService: Add more ABI adjustment logging"
a9aa24974ee4620b42a0573189b68c9af50926c5 29-Jan-2016 Jeff Sharkey <jsharkey@android.com> Remove "updatecmds" feature.

This feature is very old and hasn't been used in many releases. In
addition, it was never taught about multi-user layouts, and it would
be incredibly hard to maintain in the new FBE world where CE keys
may not appear until several reboots after an OTA.

Bug: 26854442
Change-Id: I3e88d38fde671e41ea9bdd790173d8b93c8a5c12
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c35e8c9c31ffc0419e2c3f75aa933368b20a56f2 29-Jan-2016 Andreas Gampe <agampe@google.com> PackageManagerService: Add more ABI adjustment logging

To help with diagnosis of preopt-related ABI-mismatched induced
errors, log more information during ABI adjustment.

Change-Id: I035f229b20588d5f1ec5f91707ef687d39c1a267
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b92b05bb4bcaa6f7869128e925d0331eee62e4da 28-Jan-2016 Jeff Sharkey <jsharkey@android.com> Report FBE through a feature string.

Since devices can be converted to enable/disable FBE across a
factory reset, we offer to add the features dynamically depending
on device status.

Bug: 26808417
Change-Id: I905140ba500a5e69756b547f2b1d6167b9a37dc6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0af6fa7015cd9da08bf52c1efb13641d30fd6bd7 18-Jan-2016 Amith Yamasani <yamasani@google.com> Voice Interaction from within an Activity

This allows an app to show a voice search button
and invoke a voice interaction session for use
within the activity. Once the activity exits, the
session is stopped.

Test application has a new activity that
demonstrates it with the test voice interaction
service.

This initial version is functional enough for
an integration test, with some more tests
and improvements to come later.

Bug: 22791070
Change-Id: Ib1e5bc8cae1fde40570c999b9cf4bb29efe4916d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9dff854be4f7b552c5f6fe05331b9dd85de134d1 21-Jan-2016 Calin Juravle <calin@google.com> Clean up passing volumeUuid to DexOptimizer

The argument was redundant.

Also, we should have taken the uuid for shared library from their
package information.

Bug: 26080105
Change-Id: If3d86e00ebecfc13cf63482bce4ac32a119de967
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3bcf800c50238ac2df19c9fc0375c303905524b0 14-Jan-2016 Andrei Stingaceanu <stg@google.com> Suspend apps - block

* kill app when suspending
* block starting ONLY activities for suspended apps
* do not allow suspending the device admin package

Bug: 22776761
Change-Id: I3ee5fcb2d6828f363ce0f024dbc662ab29275192
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a0e10434c49c6fe075e853da2046fd281318c4c4 20-Jan-2016 David Brazdil <dbrazdil@google.com> Extract APKs on install or OTA

ART will unzip APKs in memory during launch if an OAT file is not
present. To save the time and memory, this patch will invoke dex2oat
with '--compiler-filter=verify-at-runtime' to unzip the APK during
install or after an OTA.

Change-Id: I16583f9450ad60356123a29f7a6a649b2ab9999f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78cea814da1a83d868bdaed596c6a9e304eb4570 21-Jan-2016 Svetoslav Ganov <svetoslavganov@google.com> Merge "Update flags before querying activities when parsing default apps."
5fd83dcda2d5423014c64cbcb6a880742145dc59 21-Jan-2016 Svetoslav Ganov <svetoslavganov@google.com> Update flags before querying activities when parsing default apps.

Change-Id: I0120f32bfa2a7dd93714e8592496df4a0d74d07e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
69d5ebc59e3cbc9c394906a95dc4b9bdc3355c08 14-Jan-2016 Andrei Stingaceanu <stg@google.com> Suspend apps - broadcast intent and API

Send a protected broadcast to registered receivers only
when packages get suspended.

Bug: 22776761
Change-Id: I043053ed45bdc202ead18518a0c1e39cce47947c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7bdf3cff92d26f9a4a8b88f816f5313fe02d6a33 19-Jan-2016 Calin Juravle <calin@google.com> Merge "Enable profile guided compilation on the framework side"
db4a79a5d7d348e9d2286d95d4e5a59dd484456f 23-Dec-2015 Calin Juravle <calin@google.com> Enable profile guided compilation on the framework side

The background compilation service will trigger a profile based
compilation instead of a full one. If no profile information is
available the compilation is skipped (see installd).

Note that the end decision whether or not to compile a package is taken
by dext2oat. We can't make the decision here because this service runs
under system server which cannot read app's profile data.

Bug: 26080105
Change-Id: I457ea8dea0557839c1f7cdc241770055732b0a4a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f340974e06980e1fcc3a6ef8b5603307b6650187 12-Jan-2016 Janis Danisevskis <jdanis@google.com> Change permissions of apps' home dir to 0700 for SDK > 23

This patchset changes the installd such that apps' home
directory has permissions set to 0700 if build for a
target SDK version. In consequence the commands

create_app_data and move_complete_app

get one more parameter, the target SDK version.
Apps built for a lower SDK version will still have
home directories with permissions set to 0751.

Bug: 7208882
Change-Id: I651da956dd57d882772b23a433421e9130ea4c0b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12cde00dc03ec802801b8fd7611c1706ab7d4363 16-Jan-2016 Jeff Sharkey <jsharkey@google.com> Merge "Prepare app data only when storage is available."
0e62384ccbd00e9f78851929ca88b919679ee32e 14-Jan-2016 Jeff Sharkey <jsharkey@android.com> Prepare app data only when storage is available.

Before this change, scanning a package aggressively tried checking
to ensure that private app data was prepared. However, in an FBE
world we may not have access to that data at scan time. So this
change shifts the preparing of private app data until later: it
prepares DE storage when a user is started, and CE storage when a
user is unlocked. Wire ourselves into the user lifecycle so we can
prepare storage at both user start and unlock.

When DE/CE storage becomes available, this change reconciles any
found packages against known installed apps, and deletes any orphaned
data directories.

We now need to store the last-restorecon hash in an xattr on a
per-user directory basis, since we can't restorecon CE storage until
it's unlocked, or adopted storage until it's mounted. Remove a
bunch of used logic for loading dynamic SELinux policy at runtime;
our policy always comes from the system image.

Bug: 26466827, 26544104
Change-Id: I8d0a4ef862c35f4e4ef5c7f20d3bb8f12ba3fd4b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e9fd1fa31ad6f62d1eb6f32cdcdab50349f246eb 16-Sep-2015 Christopher Tate <ctate@google.com> Back up / restore runtime permission grants

Only user-originated grant actions are backed up/restored. This
includes outright grants, one-time denials, and "never ask again"
type denials.

Bug 19870549

Change-Id: I78b4a8abb713dc5d74b93cb53217b212d57b26e4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b4c298e39978e189dcc2ad059b4030a12655119c 14-Jan-2016 Jeff Sharkey <jsharkey@android.com> Installing packages always needs to create dirs.

When we're installing an existing app for a user, we still need to
create the private data storage for that app.

Bug: 26554043
Change-Id: Ie18e0952600f860325718f84094aedeac3681403
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdeeeea6cfdebdb98dd70a7dd48965743af01750 12-Jan-2016 Jeff Sharkey <jsharkey@android.com> Follow installd changes, throw exceptions.

Start by passing down flags to work on both CE and DE storage areas;
a future change will refine this further.

Force consistent argument checking and null handling for all
installd callers. Throw explicit exceptions instead of returning int
values that can accidentally be ignored.

Bug: 26466827
Change-Id: Iddb591f6b3c7786d210d3f132ff7f9886a97b749
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9229ee595988c66f1c59409a963fef88b2c30e03 12-Jan-2016 Jeff Sharkey <jsharkey@google.com> Merge "Install non-EA providers once user is unlocked."
12705131b95d5d6bcfae79d7991ff3e6f02457e4 06-Jan-2016 Todd Kennedy <toddke@google.com> Hide ephemerality

Change-Id: Ibf60366b3f00b1920e330cd804bcc1c550f8882a

Bug: 26404647
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f15150be6538374ebcc15172a59fb551a60c0d13 11-Jan-2016 Nicolas Prevot <nprevot@google.com> Don't forward an intent if all handlers are suspended.

If all the activities that can handle an intent in the other
profile are suspended: don't forward the intent to the other
profile.

BUG:26461656
Change-Id: If2838b42224879bfc745554ee4e92dded1748f0d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2bd31dbd023a11d90061c7b6831dd06454c928af 10-Jan-2016 Jeff Sharkey <jsharkey@android.com> Install non-EA providers once user is unlocked.

When starting encryption-aware apps while the device is locked, we
can only spin up ContentProviders that have been marked as
encryption-aware. Once the user is unlocked, we need to go back and
install non-encryption-aware providers in already running apps.

Fix bugs in getPackageInfo() where only one of the various MATCH_
flags was being consulted (!). Move matching logic to single unified
location in PackageUserState so we have consistent behavior.

Fix another class of bugs where Safe Mode wasn't correctly filtering
package details (!). These bugs are fixed by splicing in the new
MATCH_SYSTEM_ONLY flag as part of state-based flag mutation that was
added for encryption.

Bug: 25944787
Change-Id: I39c8da74b1f9ba944cc817176983f50ba322329c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372 09-Jan-2016 Jeff Sharkey <jsharkey@android.com> Even more PackageManager caller triage.

Finish moving all UID/GID callers to single AIDL method that requires
callers to provide flags.

Triage AppWidgets and PrintServices, which currently can only live on
internal storage; we should revisit that later.

Fix two bugs where we'd drop pending install sessions and persisted
Uri grants for apps installed on external storage.

Bug: 26471205
Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0ab0bdde2b39c77175d9e0d69d6631e130e4b5ac 09-Jan-2016 Jeff Sharkey <jsharkey@google.com> Merge "More progress on triaging PackageManager callers."
c5967e9862489024c932b0c7fcb84ed0af2a7fd7 08-Jan-2016 Jeff Sharkey <jsharkey@android.com> More progress on triaging PackageManager callers.

Catch a bunch of simple cases where the PackageManager flags are
obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on
PackageInfo and ApplicationInfo queries.

Re-examine recent tasks after a user is unlocked, since some of the
activities may now be available and runnable.

Bug: 26471205, 26253870
Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a440d94d0ffe084026b24a16f7684efe1b1baff8 08-Jan-2016 Jeff Sharkey <jsharkey@android.com> Verifier is required, except when it's not.

There are still some devices out there that are missing a verifier,
so relax this until we have time to look closer.

Bug: 26438767
Change-Id: I10e154d736619963c20aaed8199a457f3004011c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e46fbfaf2e5759b54091dd62e2e9cf14a8545fcf 07-Jan-2016 Jeff Sharkey <jsharkey@android.com> Don't look for verifier/installer when core only.

When booting the device in core-only mode we're running over a tmpfs
and only a small handful of apps are actually available. Don't
bother looking for verifiers or installers, since we probably won't
find them.

Bug: 26438767
Change-Id: Ia4c4a6e71007b01c4aaa273c2e0197b5cd021262
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e06b4d1d9f718b9fe02980fea794a36831a16db2 06-Jan-2016 Jeff Sharkey <jsharkey@android.com> Consistent naming for PackageManager methods.

When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.

Also fix spacing issues in various logging statements.

Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a90f673f5819e05ea72f6aba3e75956e0f807dc 06-Jan-2016 Jeff Sharkey <jsharkey@android.com> Update logic for resolving verifiers.

Verifiers or installers may not be encryption-aware, or the user may
have disabled them, so we probe pretty deeply during system boot to
resolve them. Use the new MATCH_SYSTEM_ONLY flag to limit results to
packages on the system image.

When there are multiple matches, pick the one with highest priority
instead of crashing the system.

Switch to updated MATCH_ constants in more places.

Bug: 26250295
Change-Id: Ia7a3b1fb74da6c3b9d2c2edbf1deaa9fb52fc40a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4f6d400b0fa4c94e0f785a7b15ffb30126e6759d 05-Jan-2016 Alex Klyubin <klyubin@google.com> Merge "No need to pass digest of AndroidManifest.xml around."
31ffb442414bd9cf6c0225799d7d0c5409f3769d 21-Dec-2015 Alex Klyubin <klyubin@google.com> No need to pass digest of AndroidManifest.xml around.

When an APK is being installed, the full path to the file is
occasionally passed between processes. To detect changes to the file
during these handovers, the digest of the AndroidManifest.xml entry
could be passed around as well.

This security feature is no longer used and is no longer needed. APKs
should be installed using the modern Package Installer API
(android.content.pm.PackageInstaller).

Bug: 24542768
Change-Id: I2762634c85448e7adcd47ffc9a5294c021e127bd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f3e35376ada0327b34a71d7c45ac6e6d955d7dc 21-Dec-2015 Jeff Sharkey <jsharkey@android.com> More work towards triaging missing app behavior.

Many places across the platform query package details without
gracefully handling packages or components that go missing for
various reasons. This can cause annoying user data loss, such as
resetting back to built-in apps or dropping of accounts, etc.

This change verifies that system callers have thought about these
edge cases by logging if they use default matching behaviors without
explicitly marking themselves as being "triaged." (The logging is
currently disabled by default.)

Also creates explicit definitions of supported flags for various
incoming PackageManager calls, and defines a clear distinction
between flag types:

-- GET-style flags are used to request additional data that may have
been elided to save wire space.

-- MATCH-style flags are used to include components or packages that
would have otherwise been omitted from a result set by current system
state.

There are a handful of existing GET flags that better fit under the
MATCH definition, so this change clones them to new constants and
marks the old ones as deprecated.

Fixes bug in JobSchedulerService to consider jobs from apps on
external storage. Revert some dialer behavior back to being
untriaged.

Change-Id: I9b6ab0968241e3479bddbd78de0c51e3b9917318
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5217cacbd9f382068bb9e176cd5a0b15388a335c 20-Dec-2015 Jeff Sharkey <jsharkey@android.com> Make JobSchedulerService encryption aware.

When a user is started, but a persisted job component doesn't appear
in the normal resolution list, we avoid enqueuing the job. Later
when the user is unlocked, we take another pass over the pending
jobs to see if they became available.

Load keyboard layouts from XML metadata regardless of crypto status,
since we don't need to spin up any remote code.

Add MATCH_SYSTEM_ONLY to make system logic easier to write when
looking for trusted components.

Sprinkle more annotations on ArrayUtils methods.

Bug: 26279465
Change-Id: Iec28e0bb46862b07d740b12a79f6360de68dab0f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a9e3f8e6813716ab88ca54fd04ae047dc9aaaeb 18-Dec-2015 Jeff Sharkey <jsharkey@android.com> Better named encryption flags, start triaging.

Create distinct flags for encryption aware, unaware, and both, and
name them like the other MATCH_ flags.

Start adding logic to help triage all system internal callers to
verify that they've done their homework and thought about how to
handle apps while locked. Call sites in the system should either
ask for explicit matching behavior, or explicitly use the DEFAULT
match flag to indicate that they've been triaged to use the
default state-based matching.

Bug: 26250295
Change-Id: I86214e5c4f71a6dc72f06930800388713aecd107
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
36a832dd128c18628783cc629b89b2ae399db4f8 17-Dec-2015 Todd Kennedy <toddke@google.com> Merge "revert quick install"
373f0b4313d3a2444aebf6b89a71c4ba64566110 16-Dec-2015 Todd Kennedy <toddke@google.com> revert quick install

bug: 25118622
Change-Id: I61c3a1ea9015599dc45bd9e656f99f6bf8c4ec02
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6142f90b9f99c33c4f75c2057fb1db3bc77425cf 17-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Introduced PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER"
1e2839188fb49575b86646d3aadb355c81ef9cc5 26-Nov-2015 Andrei Stingaceanu <stg@google.com> Wire call to suspend a package

Adds APIs in DevicePolicyManager and PackageManager for allowing
a device admin to suspend a package. PackageManagerService sets
or unsets a new PackageUserState 'suspended' setting. Terminal
command to suspend/unsuspend has been added via
PackageManagerShellCommand (as root).

Next steps:
* use the new 'suspended' setting for denying access to start app
(probably in ActivityStackSupervisor)
* broadcast a PACKAGE_(UN)SUSPENDED intent for launchers to pick up
* remove app from recents (go further and kill it if it is running)
* erase existing notifications for this app

Bug: 22776576
Change-Id: I718b3498f6a53cc0c6fdfb6d15031e53ddca4353
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bdbc9692c7cb365d9d3f239baa2377724a6f7bc8 14-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Introduced PRIVATE_FLAG_REQUIRED_FOR_SYSTEM_USER

When set, signals that the application is required for the system user and
should not be uninstalled.

Bug: 25616324
Change-Id: Idbbd1618e09c40bdb83fa26c0a3d9662dd73bea4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7440f177c3e70da0b883f8abffd6c8fc1d507bb8 09-Dec-2015 Todd Kennedy <toddke@google.com> Fix ephemeral post-install launching

Provide the ephemeral installer with some additional pieces of information:
1) instead of de-referencing the URL a second time, give the installer the
exact package name
2) instead of relying on ephemeral apps to define verified links, give the
installer a pending intent to launch when the ephemeral is installed
3) give the installer a pending intent to launch if the installer fails,
for whatever reason, to install the ephemeral app

Bug: 25119046
Change-Id: I45f50481caee09d5d09451e4b2492e64b0faae82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
63b0318e4bd1fff25e6d434513488bb3bdca3097 15-Dec-2015 Jeff Sharkey <jsharkey@google.com> Merge "Protect some more broadcasts."
4267eacc3bd6c781423a871e135bac03cd93718a 15-Dec-2015 Jeff Sharkey <jsharkey@android.com> Protect some more broadcasts.

Bug: 26144973
Change-Id: Ic05bca52913ee5545719f0f24bed5b359f31259f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cbeb114881c2bd3408ce302b0d48cb2449f1dcb0 12-Dec-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Some cleanup in PackageManagerService

Some cleanup of unused/unnecessary code.

Fix two null-pointer checks.

Bug: 19797138
Change-Id: Ib66f60f39f5c6a5902d1687328d78a2148f76155
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6ac42aeed905181b484f97a53db57a17134ef7a8 09-Dec-2015 Dianne Hackborn <hackbod@google.com> Add a mechanism for broadcasts to control background dispatching.

Right now this is just for the BOOT_COMPLETED broadcast to allow
all apps to receive it.

Also clean up the dumpsys of the broadcast queue to not have
every little detail of ResolveInfo+ActivityInfo+ApplicationInfo,
which is just not useful and makes reading the broadcast queue
debug output a lot harder because of so much noise there is.

And rename the package shell query-intent-* commands to a
shorter query-* form.

Change-Id: I0d01565babb87e68b840c9756a2ea730d699efc7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2acf063da08dfff69f184c9a6a90a7a5fe60d818 25-Nov-2015 Svet Ganov <svetoslavganov@google.com> Ephemeral cookie API

Add APIs for an ephemeral app to set a cookie which is a small
peice of data cached longer than the app itself. This is useful
for avoiding the user to login every time they use the ephemeral
app. The cookie is stored after an ephemeral app is uninstalled.
Normal apps or ephemeral apps upgraded to full apps can also use
these APIs with the difference that once they are uninstalled
the cookie is deleted.

The cookie size defaults to 16KB and is configurable by a global
settings which can be adjusted via gservices. Also eviction policy
is time based with a default of one month and is configurable by
a global setting which can be adjusted via gservices. If the cert
of the app cahnges (when ephemeral is installed, uninstalled and
installed again) the cooke is wiped to prevent data leaks.

This cahange also adds an API for apps to know whether they run in
an ephemeral mode since it this mode some APIs will not be available.
Another API exposed by this change is private for the system and
exposes all ephemeral apps - installed and uninstalled. Only the
system can call this API. When an ephemeral app is uninstalled the
system stores its name, icon, and permissions. When the app is
reinstalled or a full version is installed the permissions are
propagated.

Change-Id: Id4a73a7750bfbabda0bfcb9bf9018d2062e94367
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c4dd021322d38ea32ac49930e904b6d08ce6490c 18-Nov-2015 Lenka Trochtova <ltrochtova@google.com> Introduce ephemeral users.

BUG: 24883058

Change-Id: I2e1d6aa184142c2a3dc0415c0cd407573453cf41
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e57034afda4492b602d450c4ab4240e8e1d26d8 08-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Fix locking error when a new user is created"
d8327bd864e52bbc6cc57e933488aa7e99654d4f 01-Dec-2015 Fyodor Kupolov <fkupolov@google.com> Fix locking error when a new user is created

Installer should not be called with mPackages lock held.

Bug: 25934378
Change-Id: I619af324d997dd1e4a2ac99171cb0e683c5713d1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
39a275b3980b5ea75e060da540229b95a47333f7 04-Dec-2015 Jeff Sharkey <jsharkey@android.com> Better protection for system broadcast intents.

When the system sends broadcast intents, it's in a very authoritative
position, and many apps blindly trust the sender. This is why we've
historically had the concept of "protected broadcasts" which can only
be sent by the system.

However, it's far too easy to send new broadcasts from the system
without adding them to the protected list. This CL adds logic to help
catch those cases. Currently it just logs the error and continues
sending the broadcast.

Based on boot analysis of a typical device, add 36 new protected
broadcasts.

Bug: 24571095
Change-Id: Ie2cc6b0b2026e67c64730af897e4eb3e0e8404f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c72b3101ee368d2a9943e4436ede679acfa38f92 07-Dec-2015 Todd Kennedy <toddke@google.com> Merge "Add ephemeral installs"
b3523c45dd764ba9926ee70a04cfee78b10e7ab4 04-Dec-2015 Tony Mak <tonymak@google.com> Merge "Introduce ONLY_IF_NO_MATCH_FOUND in CrossProfileIntentFilter"
2699f065558ba78066887210b0c7346105959860 20-Nov-2015 Todd Kennedy <toddke@google.com> Add ephemeral installs

* Add a new --ephemeral argument to 'adb install'
* Add plumbing to internally track ephemeralness
* Create new app directory for ephemeral installs

Bug: 25119046
Change-Id: I1d379f5ccd42e9444c9051eef2d025a37bd824fe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5cbbdf2ca610ac7a35b38788d0c92c2e851bbda9 03-Dec-2015 Jeff Sharkey <jsharkey@android.com> Merge "Improved variable naming" am: 4ef9d41066 am: bc57510e9f
am: ec0e46fbc6

* commit 'ec0e46fbc612cb9575ae3e7901664cd34666f438':
Improved variable naming
ec0e46fbc612cb9575ae3e7901664cd34666f438 03-Dec-2015 Jeff Sharkey <jsharkey@android.com> Merge "Improved variable naming" am: 4ef9d41066
am: bc57510e9f

* commit 'bc57510e9f359929a55130d8a35c61a84dad4568':
Improved variable naming
bc57510e9f359929a55130d8a35c61a84dad4568 03-Dec-2015 Jeff Sharkey <jsharkey@android.com> Merge "Improved variable naming"
am: 4ef9d41066

* commit '4ef9d41066d8b4124c2c59752512adf24102634d':
Improved variable naming
35fc197caaecf22e8e5642963aa4807f1b43d88f 02-Dec-2015 Todd Kennedy <toddke@google.com> Merge "Copy into ASEC container"
9c165d76010d9f79f5cd71978742a335b6b8d1b4 02-Dec-2015 Svet Ganov <svetoslavganov@google.com> Add optional permission review for legacy apps - framework

For some markets we have to allow the user to review permissions
for legacy apps at runtime despite them not supporting the new
permission model. This is achieved by showing a review UI before
launching any app component. If an update is installed the user
should see a permission review UI for the newly requested
permissions.

To allow distinguishing which permissions need a review we set
a special flag in the permission flags that a review is required.
This flag is set if a runtime permission is granted to a legacy
app and the system does not launch any app components until this
flag is cleared. Since install permissions are shared across all
users the dangerous permissions for legacy apps in review mode
are represented as always granted runtime permissions since the
reivew requirement is on a per user basis.

Whether the build supports permission review for legacy apps is
determined by a build constant allowing us to compile away the
unnecessary code for markets that do not require a permissions
review.

If an app launches an activity in another app that has some
permissions needing review, we launch the permissions review
UI and pass it a pending intent to launch the activity after
the review is completed.

If an app sends a broadcast to another app that has some permissions
needing review, we do not deliver the broadcast and if the sending
app is in the foreground plus the broadcast is explicit (has a
component) we launch the review UI giving it a pending intent to
send the broadcast after the review is completed.

If an app starts a service in another app that has some permissions
needing review, we do not start the service and if the calling app
is in the foreground we launch the review UI and pass it a pending
intent to start the service after the review is completed.

If an app binds to a service in another app that has some permissions
needing review, we schedule the binding but do not spin the target
service's process and we launch the review UI and pass it a callback
to invoke after the review is completed which spins the service
process and completes the binding.

If an app requests a content provider in another app that has some
permissions needing review we do not return the provider and if
the calling app is in the foreground we show the review UI.

Change-Id: I550f5ff6cadc46a98a1d1a7b8415eca551203acf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
191d771a574c16586352b2c0cc0687ed2962f6a1 02-Dec-2015 Todd Kennedy <toddke@google.com> Copy into ASEC container

Even when staged, copy into an ASEC container if the package is
forward locked.

Bug: 25812587
Change-Id: I385f7a441f3c6dc76fb076b4505bc9f43b10bd93
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
807e01cb47c2d5442f76e27b70a7206f77ed76d8 01-Dec-2015 Tony Mak <tonymak@google.com> Introduce ONLY_IF_NO_MATCH_FOUND in CrossProfileIntentFilter

With this flag, activities in other profiles can respond to the intent
only if no intent-filter with non-negative priority in current profile can
respond to it.
It is designed like this because activities with negative priority
intentfilter are always used as a fallback in case no one can respond
to the intent. In this case, we expect there is a "real" activity in
other profiles can handle the intentfilter

Here is the example activity that handle the call related intents when
there is no dialer.

NonPhoneActivity.java in Contacts app is an example.
https://github.com/android/platform_packages_apps_contacts/blob/master/AndroidManifest.xml#L461

Bug: 25760508

Change-Id: Ife2a7c19e91ddf5d2e81ad09bd4cf712cdcdb986
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8924e8759f9a8cffb5ad538ca40a7826793aac07 30-Nov-2015 Jeff Sharkey <jsharkey@android.com> Wire up lifecycle, send unlocked broadcast.

When the correct lock pattern is presented, ask the system to also
unlock credential-encrypted storage, if enabled. The token passed
along is empty for now, but can be wired up to gatekeeper in the
future.

During each system boot, ask vold to lock all users keys to give us
a known starting state. This also has the effect of chmod'ing away
any CE data when in emulation mode.

Define and send a new foreground broadcast when the CE storage is
unlocked for the first time. Add stronger last-ditch checking for
encryption-awareness before starting an app.

Bug: 22358539
Change-Id: Id1f1bece96a2b4e6f061214d565d51c7396ab521
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4fab7fbeb01026e5dc81f9d0dc445042e91c8f80 25-Nov-2015 Yury Zhauniarovich <y.zhalnerovich@gmail.com> Improved variable naming

Variable name "appOpPerms" is substituted to "appOpPkgs", which is better
suited.

Change-Id: I038b93fdf5e539551c4aab12d9918c9937602e2d
Signed-off-by: Yury Zhauniarovich <y.zhalnerovich@gmail.com>
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c8a5a555f1482d0f45b538eb898d6ee7e26552a6 19-Nov-2015 Makoto Onuki <omakoto@google.com> DPM.isDeviceOwnerApp() and getDeviceOwner() now check calling user

- Previously on MNC, they would return the same result regardless who
the calling user is.

- Now they properly take DO user-id into account. Meaning, they'll
always return false and null respectively, if the calling user doesn't
run device owner.

- Note isDeviceOwnerApp() is a public API and getDeviceOwner() is
a system API. Meaning we're changing the behavior or non-private
APIs.

- Also cleaned up hidden APIs, and gave them explicit suffixes
to avoid confusion. Bundled code should prefer them for clarity.

Now we have:

* APIs that work cross-users: They all require MANAGE_USERS.
boolean isDeviceOwnerAppOnAnyUser(String packageName)
ComponentName getDeviceOwnerComponentOnAnyUser()

int getDeviceOwnerUserId()
boolean isDeviceOwnedByDeviceOwner()

String getDeviceOwnerNameOnAnyUser()

* APIs that work within user. No permissions are required.

boolean isDeviceOwnerAppOnCallingUser(String packageName)
ComponentName getDeviceOwnerComponentOnCallingUser()

Bug 24676413

Change-Id: I751a907c7aaf7b019335d67065d183236effaa80
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cb6fd80721253ffa9dcab5cf8c2f4e9b9cd17ccc 05-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Added keep-uninstalled-packages DO policy

This policy allows DO to specify a list of apps to cache even without being
installed on any user.

Bug: 23938464
Change-Id: I2eeab7f148409739fc23a5c44e955ad12b63fd04
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b4fdb933cb7d48fd2b298a84e209cd7288f8a2c5 19-Nov-2015 Todd Kennedy <toddke@google.com> Merge "Allow ephemeral provider/installer"
b8a279ee838c309a64211a3caa5e5e204250163d 18-Nov-2015 Todd Kennedy <toddke@google.com> Allow ephemeral provider/installer

The ephemeral provider is a service that simply determines whether or
not an ephemeral application is available. The ephemeral installer
does the heavy lifting of installing the ephemeral application.

Bug: 25119046
Change-Id: I591f4c2c3f2b149d299fa8b4f359f2582d9199cb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ba51235ef5c598d845b77fcf14491329493da34f 13-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add new "am unlock-user" command so we can trigger changes from the
command line.

Move FBE check to static method so it can safely be called early
during boot before the mount service is ready. Move FBE emulation
to persisted system property, and start reading/writing that value.

Change default permission grants to ignore current encryption-aware
flags, since many of the target apps aren't crypto aware.

Always prepare package data directories, which is how we create the
new "user_de" paths during boot.

Bug: 22358539
Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
505184bf459a1f961bb3ae77a4d021ebe55d65b3 17-Nov-2015 Svet Ganov <svetoslavganov@google.com> Don't grant runtime permissions on install to legacy apps

bug:25329324

Change-Id: Ia020b96eaef8895f0c2a13bddacfa7a053c56d32
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1653ac43956f74a3a31d76711f9c07348716a3d5 17-Nov-2015 Dianne Hackborn <hackbod@google.com> Merge "Don't send PACKAGE_CHANGED of components to manifest receivers."
354c3bc3945cd0d676c403039c528c5f45d8a091 17-Nov-2015 Dianne Hackborn <hackbod@google.com> Merge "Some debugging improvements."
11c5b0aff7a742e21bd701ad04572dcf7e0f9332 16-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Reduce excessive locking in UserManager"
e80085d61ae6d9e496101f29051cfbb69185f96e 07-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Reduce excessive locking in UserManager

Bug: 24979571
Change-Id: I1cfbe48712ae26ec134354d109d2538d566b92d7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9fdc67f90014c5160068c277711c76430eb8f380 13-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Moved system user apps whitelisting to PM"
70f929eedec10b154170ad66c9d53f18bfc4f613 11-Nov-2015 Makoto Onuki <omakoto@google.com> Disallow DA to reset password, also fix all DO checks

Now pure DA (not PO, not DO) aren't allowed to change the password
if one is already set.

Also update "isDeviceOwner" check and make sure we always take
user-id into account. If one really wishes to check the package name
only, then use getgetDeviceOwner() instead.

Also change the enforceNotManagedProfile() check to what's more
generic in the FBE world.

Bug 25645900
Bug 25547523
Bug 25643916

Change-Id: I588ecf9452fe3acc1fb0b4ca0457ad662382fcd2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1682dad7ed303fc43a07e70d0bb5cb42103a7624 12-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Moved system user apps whitelisting to PM

Previously applications where uninstalled for the system user at a later stage
in a boot process, when PM has already been initialized and registered as
a service. This was causing a flood of PACKAGE_REMOVED broadcasts.

Applications are now uninstalled at an earlier stage, when PM hasn't been
registered. Packages can simply be marked as not installed and broadcast
can be skipped.

Bug: 25626819
Change-Id: Ib64e7c45619809b0efb99cc566a9a2120ed48cd3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f36003f620ba5fcb3a30dcdf77adb262b10866ee 11-Nov-2015 Dianne Hackborn <hackbod@google.com> Don't send PACKAGE_CHANGED of components to manifest receivers.

To reduce broadcast spam, when we send a PACKAGE_CHANGE filter that
to only go to registered receivers if it is reporting a change in
components of a package (not a change in the overall package). There
should be no reason for apps to launch if component states change
(they can always query the next time they run), and since apps can
change their component state as needed and don't think of this as
an especially expensive operation, we don't want that to result in
a lot of other apps launching.

Change-Id: I5fd005c4ff838b6eade767cf87a928e906f4de63
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3cdb56efea044112bfe1b97b3ed78ee05e0dba46 11-Nov-2015 Dianne Hackborn <hackbod@google.com> Some debugging improvements.

- Fix dumping of package manager intent filters so the option
to print the filter detail works again.
- Extend dump resolvers to allow you to specify the specific
types of resolvers you'd like to dump.
- Add new package manager commands for querying activities,
services, receivers.
- Move the code for parsing a command line into an intent to
the framework, so it can be used by the new package manager
commands and later elsewhere.

Change-Id: I56ea2bb8c3dd0e5198ee333be8f41ad9dcdb626f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f9fc6d6cc05595241bc7ced6d4cab97b45f9b901 09-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
183501e1aaee9584f8f0c6ea2d983e3fc17429d1 11-Nov-2015 Nicolas Geoffray <ngeoffray@google.com> Merge "Remove performBootDexOpt and am's ensurePackageDexOpt."
27c073796978106746e4a51f2100b29068ab37f6 05-Nov-2015 Nicolas Geoffray <ngeoffray@google.com> Remove performBootDexOpt and am's ensurePackageDexOpt.

Except common shared libraries and boot image, all compilations
are now done through BackgroundDexOptService.

Change-Id: Ib736e253c38b0c8085bc94e45f4e61a048f66e26
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3eef5a5273ed6fb1c2d96d80acea4553057d8d09 10-Nov-2015 Jeff Sharkey <jsharkey@android.com> Temporarily disable to fix deadlock.

Bug: 25584022
Change-Id: Icee579cfebfb75c573e9a54622f219e0f81fbd35
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e17ac1569793c333bb4dce86607a342e7c982ae7 07-Nov-2015 Jeff Sharkey <jsharkey@android.com> More APIs for encryption-aware apps.

Apps can mark manifest components as being encryption-aware, which
means they can safely be run before the credential encrypted storage
is available.

Start adding filtering logic so that we only return these components
when a user is running "with amnesia." That is to say, only device
encrypted storage is available, so the user is running but with only
partial knowledge of its data.

To avoid calling into ActivityManager with the PackageManager lock
held, we quickly determine user state and splice the state into the
flags for later per-component evaluation.

Bug: 22358539
Change-Id: Idc56ec29f1ef04da8963e004314d7f5e47400997
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
15447798a38d2b5acb1998731340255f4203f294 06-Nov-2015 Jeff Sharkey <jsharkey@android.com> Initial file-based encryption public APIs.

Define two explicit directories where device-encrypted and
credential-encrypted data will be stored. Third-party apps only
need access to the device-encrypted directory, so that's the only
API exposed for now.

General cleanup in how ApplicationInfo details are derived.

Bug: 22358539
Change-Id: If0a0108721a4aa1c3052b4912e08604bbf24e1ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3b0660412ce46eece710bbf1fc3c0b14ea08deef 05-Nov-2015 Jeff Sharkey <jsharkey@google.com> Merge "Kick movement preconditions onto handler thread." into mnc-dr-dev am: e10faaa410 am: 2de7e39ffa am: 73d60ff36f
am: 8bad938369

* commit '8bad93836922805a93c2385fa79e22de8288f9ab':
Kick movement preconditions onto handler thread.
8bad93836922805a93c2385fa79e22de8288f9ab 05-Nov-2015 Jeff Sharkey <jsharkey@google.com> Merge "Kick movement preconditions onto handler thread." into mnc-dr-dev am: e10faaa410 am: 2de7e39ffa
am: 73d60ff36f

* commit '73d60ff36fbf656d022c2d4f35b8e9f2d25e795f':
Kick movement preconditions onto handler thread.
f131e1aae9c04d58a6ac0c51555ed90ea4158d6e 05-Nov-2015 Jeff Sharkey <jsharkey@android.com> Kick movement preconditions onto handler thread.

The bulk of package moving already occurs on the handler thread,
but one of the precondition steps requires that we make an installd
call to calculate disk space of the app. If there was already
another long-running installd call going on, we could end up ANR'ing
the caller.

Since movePackage() is already designed to return a moveId and go
async, we can push all the precondition steps onto the handler thread
to prevent the ANR.

Bug: 25490003
Change-Id: I62d555c23bbf81b791f6f4cabc40c3d64c580cf8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4c515357e5aad1b500ac07ebdbee9d08dc37c927 05-Nov-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Enforce weaker grant if app is default handler for miltiple action" am: 035374d7a2 am: a9b62e1330
am: 1809ccc62e

* commit '1809ccc62e6c3649b3024a099dccccb3b773cf49':
Enforce weaker grant if app is default handler for miltiple action
1809ccc62e6c3649b3024a099dccccb3b773cf49 05-Nov-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Enforce weaker grant if app is default handler for miltiple action" am: 035374d7a2
am: a9b62e1330

* commit 'a9b62e13305d9cb43f53831f0b92d72bd490c1ae':
Enforce weaker grant if app is default handler for miltiple action
a9b62e13305d9cb43f53831f0b92d72bd490c1ae 05-Nov-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Enforce weaker grant if app is default handler for miltiple action"
am: 035374d7a2

* commit '035374d7a29b4e0b0bc71bdfb3555b2e547ce1da':
Enforce weaker grant if app is default handler for miltiple action
5db602fd196cde39feed21e173b553aae136d040 03-Nov-2015 Svetoslav <svetoslavganov@google.com> Enforce weaker grant if app is default handler for miltiple action

Change-Id: Ibc46e458e277412ebb276eb5ba6f2765b6b6c5e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8948c01eb726ec79983472e5597ddac8004f9f44 03-Nov-2015 Jeff Sharkey <jsharkey@android.com> Yell when calling installd with PM lock held.

As a matter of policy, we should never be holding the mPackages lock
while calling down into installd. This little bit of logic helps us
catch accidental cases where this happens.

Change-Id: I676c81df43ef936ffd36290d45a79429630c1b4b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
598ee3f6c2cca9eecc7ad90f2003e36f5fb04114 03-Nov-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Introduced short-term lock for UMS internal state"
82402753815ff4633cc572713ae490a17d9129e5 28-Oct-2015 Fyodor Kupolov <fkupolov@google.com> Introduced short-term lock for UMS internal state

Added mUsersLock - short-term lock for internal state, when interaction and
synchronization with PM is not required. Modifications to mUsers and
mRemovingUserIds must be guarded by 3 locks: mInstallLock, mPackagesLock and
mUsersLock. While reads can use mUsersLock.

Testing revealed that the following methods in UMS often cause contention:
- exists
- getUserInfo
- getProfileParent

They all now use a short-term lock mUsersLock for reads.

Bug: 24979571
Change-Id: Ie3a22ea7cbb450c7969800fe2a4a2b2516165e5b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
60459abb211a11caf71238a44f543fdc18289772 30-Oct-2015 Todd Kennedy <toddke@google.com> Implement shell commands for package and user services

Only implement the 'list' package service command. More will follow
in future CLs.

Change-Id: Iae225cd4ee63c7d468a4fd882d8cb4b6b76ccc09
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f2e81e904a57660eabcb4c0c24bf8e6e6b1f6467 02-Nov-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Don\'t try overriding system fixed permissions on install" into mnc-dr-dev am: a47f9dad2b am: c4c1866228
am: 023f4d158d

* commit '023f4d158d96bb4237733db0a1e124eae499d7cc':
Don't try overriding system fixed permissions on install
4f7883ce61aa8781f8781104fbee18d8ba1feb81 02-Nov-2015 Svet Ganov <svetoslavganov@google.com> Don't try overriding system fixed permissions on install

bug:25397466

Change-Id: Ie92ec000a94b757178ddfdd9384407535f4af9db
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
df5f870d989bd1f3c94466adace1e3879d77178e 30-Oct-2015 Jeff Sharkey <jsharkey@android.com> resolve merge conflicts of 07c6628d68 to master.

Change-Id: I29c9b408956c578ce1cfe0eb5d8704b7a5d2f818
07c6628d68da39582d8d682bc9c849be8bfaaa10 30-Oct-2015 Jeff Sharkey <jsharkey@google.com> Merge "Handle "uninstalled" apps when pruning app-ops." into mnc-dr-dev am: a975732a83 am: 637d05eb5c
am: d359137d41

* commit 'd359137d419023f207351251cdbfa23180236963':
Handle "uninstalled" apps when pruning app-ops.
e2ed23e6b221185ce2587fb19a6e904dbf7ec77b 30-Oct-2015 Jeff Sharkey <jsharkey@android.com> Handle "uninstalled" apps when pruning app-ops.

During system boot, we prune app-ops belonging to apps that have
been uninstalled. However, apps installed on adopted storage devices
haven't been scanned at this point, so they appear to be uninstalled.

To avoid pruning app-ops for these apps, we need a getPackageUid()
variant that also considers "uninstalled" apps for which we still
have PackageSetting values.

Bug: 25206071
Change-Id: I1820f674d45c5ddc1c5f10ed7d859e7025005e28
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0529672a8cffd2abb749265ddeb703a179c34662 29-Oct-2015 John Reck <jreck@google.com> resolve merge conflicts of a1b8d77ca3 to master.

Change-Id: Ia78c6d31687542dfaba20b177e774333cfb1edb5
a1b8d77ca3ea6cc5e851dce8701785524e3049eb 29-Oct-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Make SYSTEM_ALERT_WINDOW development permission" into mnc-dr-dev am: 2658cb002a am: 35151fbc8b
am: 08d013d3a1

* commit '08d013d3a1e6306533c2fae1a4581986ffc9a642':
Make SYSTEM_ALERT_WINDOW development permission
2658cb002abae9341c9a82bfeaed764ba5bf97c8 29-Oct-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Make SYSTEM_ALERT_WINDOW development permission" into mnc-dr-dev
01af6a42a6a008d4b208a92510537791b261168c 27-Oct-2015 Svetoslav <svetoslavganov@google.com> Make SYSTEM_ALERT_WINDOW development permission

bug:25329324

Change-Id: I0086464846bab9424764dd0d726692d96a0f1207
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a7473a671c717d77fd32e6155e16635dbe7c173e 27-Oct-2015 Svetoslav <svetoslavganov@google.com> Installer can override system or policy

The installer can grant permissions at install/update. It
can wrongly override system and policy and grant permissions
explicitly revoked by the system or device/profile owner.

bug:25323455

Change-Id: Ica4241bfdef753e1d6cb80692c6b375300a05459
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8e46e7db5d47818b469366c044ed6f29696fdc32 26-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Scan package with null user context.

Bug: 25185277
Change-Id: Ib15c04b55b10e315f186dd58a9489bbfcd527061
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c982b407b9ff83465a12ec9225409edf45828ef0 22-Oct-2015 Nicolas Prévot <nprevot@google.com> Merge "Don\'t resolve cross-profile app links without intent picker." into mnc-dr-dev am: 6666b29cf7 am: f31628f58b am: d7688f5933
am: e1be56cdff

* commit 'e1be56cdfff431985ffd931bdd7c001e4c87478d':
Don't resolve cross-profile app links without intent picker.
e1be56cdfff431985ffd931bdd7c001e4c87478d 22-Oct-2015 Nicolas Prévot <nprevot@google.com> Merge "Don\'t resolve cross-profile app links without intent picker." into mnc-dr-dev am: 6666b29cf7 am: f31628f58b
am: d7688f5933

* commit 'd7688f593327929e2bc42989236b62ddecf5e8b5':
Don't resolve cross-profile app links without intent picker.
ff91ef8ed1156e29af212417c290c295eb7e0320 22-Oct-2015 Nicolas Prevot <nprevot@google.com> Don't resolve cross-profile app links without intent picker.

If ALLOW_CROSS_PROFILE_APP_LINKING has been set:
If there is an app with status always across profiles, and some
apps without status always in the current profile: show an intent
picker instead of directly resolving across profiles.

BUG:25109215

Change-Id: I74a67d231284ce912121ea0818109fbf904183e8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a15f791cd8f33565a7b03c86c9da186e5a1e235f 21-Oct-2015 Jeff Sharkey <jsharkey@android.com> Narrow permission re-granting to specific volume. am: 052366ca4e am: 0b639c78f1 am: 7a6a7ae64d
am: 949ea14429

* commit '949ea1442925cbbce72ccff1b0ffc7c7f876e97b':
Narrow permission re-granting to specific volume.
949ea1442925cbbce72ccff1b0ffc7c7f876e97b 21-Oct-2015 Jeff Sharkey <jsharkey@android.com> Narrow permission re-granting to specific volume. am: 052366ca4e am: 0b639c78f1
am: 7a6a7ae64d

* commit '7a6a7ae64dea59c0ee3e617c333ec389fcfe911c':
Narrow permission re-granting to specific volume.
052366ca4e6138b583d08535bd1837deb7cd58d0 21-Oct-2015 Jeff Sharkey <jsharkey@android.com> Narrow permission re-granting to specific volume.

When mounting a storage volume after an SDK upgrade, the platform
grants install permissions requested by apps. This patch fixes a
bug that was causing us to re-grant permissions for all installed
apps; we now narrow the granting to just the storage volume of
interest.

Also fixes a bug where scanning of internal ASECs would bump the
VersionInfo of the legacy apps-on-SD volume.

There is still a bug here around internal ASECs not being considered
for re-grants, but that needs to be fixed in a more invasive CL that
creates a separate VersionInfo. In addition, internal ASECs (also
known as forward locked apps) have been deprecated for some time.

Bug: 24583803
Change-Id: I9115fd484ec083bc10a970f5f612860d5a53e520
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
008672f62d15bac2b26502f20688da92d5ad3292 21-Oct-2015 Jeff Sharkey <jsharkey@google.com> Merge "Correctly derive ABI for apps on adopted media." into mnc-dr-dev am: 55d2b6e8e6 am: 257d2ca7fd am: e01b99faa5
am: 6dee8faff3

* commit '6dee8faff3b25c6dd6c8fa308ceb0fb8b31f6a05':
Correctly derive ABI for apps on adopted media.
6dee8faff3b25c6dd6c8fa308ceb0fb8b31f6a05 21-Oct-2015 Jeff Sharkey <jsharkey@google.com> Merge "Correctly derive ABI for apps on adopted media." into mnc-dr-dev am: 55d2b6e8e6 am: 257d2ca7fd
am: e01b99faa5

* commit 'e01b99faa54a083ae7b10db902a03f4aa6c9bd63':
Correctly derive ABI for apps on adopted media.
bbcb3312050dc89385e70e96fee7d88fbcb4e794 21-Oct-2015 Jeff Sharkey <jsharkey@android.com> Correctly derive ABI for apps on adopted media.

There was a bug causing PackageManager to think apps on adopted media
were actually in an ASEC, causing it to skip ABI derivation. This
change fixes the issue by copying the volume UUID into place early
in the scanning process.

Also fixes two places where we had incorrectly been including apps
on adopted media; switched them to check only for ASECs.

Bug: 24583803
Change-Id: If66d1bce02824a4d8e22f741b04a2abda0378cfb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2fbd20fd7b213daef99598a836c285fdf7794c57 20-Oct-2015 Todd Kennedy <toddke@google.com> Merge "Enable "quick install""
27c24fb8b85c36298de053699b1967a808c6d308 18-Sep-2015 Todd Kennedy <toddke@google.com> Enable "quick install"

Quick install skips a lot of the normal install steps in order to
dramatically reduce the installation time [eg Twitter normally takes
20s to install. But, installs in under 2.5s with quick install]

The specific optimizations [with caveats]:
1. Use the JIT. Although the oat file is technically created, it
only contains the exploded contents of the APK and does not contain
pre-compiled native binary code. While this improves install time,
it impacts app execution. [saves 17s]
2. Bypass Play verification. Play normally verifies all installs
to ensure we're not installing malware. But, it can take multiple
seconds for Play to collect and send package information to our
backend servers. [saves 2.7s]
3. Reduce JAR file verification. Due to the structure of the JAR
certs, we cannot completely bypass JAR processing. However we skip
the step of verifying every manifest entry. [saves 1.3s]

NOTE: #2 and #3 will only occur on eng/user-debug builds.

Bug: 22848361
Change-Id: I48e77595ad5c13a9534fdb06da67ba8dae2797fb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
71d3260ffa99bf7e580d9ebd979a1e7863b50223 13-Oct-2015 Jeff Hao <jeffhao@google.com> Shorten first boot time by filtering dexopted apps by LRU.

No longer dexopt all system apps and boot listener user apps.

Bug: 23628238
Bug: https://code.google.com/p/android/issues/detail?id=186589

(cherry-picked from commit b84cb9e9719855d56ea74c2eb7afc49034c0e66f)

Change-Id: Id1a1ca9f46777f9e62df3d4f25e98a2837fabf37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3a2d034062aebb4165ef79bd4482956b747407b1 13-Oct-2015 Svetoslav Ganov <svetoslavganov@google.com> am 5d6d2988: am d93e404e: am 1b872618: am 7a097ff1: Merge "Shared user retains permissions no longer used by any app on an app update" into mnc-dr-dev

* commit '5d6d29882354804050baacb156ac5e59f3fd2b7b':
Shared user retains permissions no longer used by any app on an app update
5d6d29882354804050baacb156ac5e59f3fd2b7b 13-Oct-2015 Svetoslav Ganov <svetoslavganov@google.com> am d93e404e: am 1b872618: am 7a097ff1: Merge "Shared user retains permissions no longer used by any app on an app update" into mnc-dr-dev

* commit 'd93e404ef27f5589248630a13f4bbac6ead9ff52':
Shared user retains permissions no longer used by any app on an app update
ff7b92fc02e3bf3a799716b396860d59e81886cb 13-Oct-2015 Svetoslav <svetoslavganov@google.com> Shared user retains permissions no longer used by any app on an app update

If an app in a shared user uses permission A and B and these are granted
to the shared user and now an app update is installed that only uses A,
the shared user still ratains the B grant. A shared user should have only
permissions declared as used by its currenlty installed apps.

bug:24736912

Change-Id: Idea6c06bdc236fd481a860cddb379e6ce660ee87
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a52562ca9a4144cf30e6d5c6ffe856cc8e284464 02-Oct-2015 Makoto Onuki <omakoto@google.com> setDeviceOwner() now requires a full component name.

Bug 20149907

Change-Id: I24e66159d1d966925aa3a494b1e2839b07cdafa2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
369d3dcda03090c314ad2a350335b060eeb1bbd6 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Merge "Cleanup USER_OWNER in pm"
47f0795d171a25d30ee5b48a6ff1828fb5c92c19 02-Oct-2015 Xiaohui Chen <xiaohuic@google.com> Cleanup USER_OWNER in pm

Bug: 19913735
Change-Id: I27947f539ca8346e3abd96fc1f800a65945be128
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a1d12cfdb072acb14fa95d5e771e23396e6bd8e1 30-Sep-2015 Todd Kennedy <toddke@google.com> Update PackageInstaller install handing

* Allow forcing permission check. We want to modify the PackageInstaller to
use the PackageInstallerSession for better security / remove deprecated APIs.
In order to do this and continue to prompt for permissions, we need to prevent
the PakcageInstaller from auto-approving the permissions.

* Add originating UID to SessionParams. This is used for package verifier
checks.

Bug: 22282121
Change-Id: I19079749d20ace66f1332f399d52cb0fb8784cd9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b78340f6cfa49341bfdcc6e0b80a697d76f5b0f 28-Sep-2015 Todd Kennedy <toddke@google.com> resolved conflicts for b4d41021 to master

Change-Id: Ib413c588ffb7a2b4385d2088e6de782417625037
b4d41021b41b60ce0b053035105d51f453816b1d 28-Sep-2015 Todd Kennedy <toddke@google.com> am 92b28f37: resolved conflicts for 4ed21bf0 to stage-aosp-master

* commit '92b28f37de9956c172f779df4cf540abc5b94deb':
Allow using the JIT
92b28f37de9956c172f779df4cf540abc5b94deb 28-Sep-2015 Todd Kennedy <toddke@google.com> resolved conflicts for 4ed21bf0 to stage-aosp-master

Change-Id: I9c8ab83589ee3786c884f34066c1f3d709dc5136
8c6e5372257b1fa5135811fbafeb234f173091a9 25-Sep-2015 Todd Kennedy <toddke@google.com> Allow using the JIT

Instead of the JIT only being available for eng builds [or configurable
via environment variable], allow the JIT to be enabled programatically.

Change-Id: Ifcbc8445fb8bd45ce2bfed3f80fbaf48496f8e3a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
56ebb257085ffed21c98ba98ced959ffe6afaca3 26-Sep-2015 Todd Kennedy <toddke@google.com> resolved conflicts for 389bb7f5 to master

Change-Id: I9c3474577166cc91c50d32d225957fbd13c205bf
389bb7f509fc74de3656492a9c474c11bcc96e5b 26-Sep-2015 Todd Kennedy <toddke@google.com> am 9f860264: resolved conflicts for 7de7e0b0 to stage-aosp-master

* commit '9f8602644418ecfb1a5c9555792ceed285fa72bd':
Pass dexopt flags as integer
9f8602644418ecfb1a5c9555792ceed285fa72bd 26-Sep-2015 Todd Kennedy <toddke@google.com> resolved conflicts for 7de7e0b0 to stage-aosp-master

Change-Id: I4e45e5bbaebb98b0e740167eaf7517f99d917f30
fa54ab7950b7ad7605cb842b47826b71a685bc28 25-Sep-2015 Todd Kennedy <toddke@google.com> Pass dexopt flags as integer

Instead of using a series of booleans, create a single flags integer
that contains all of the dexopt options.

Change-Id: Ia8fa968f64b164267f43dd29cea9dc0413058125
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4e321745173de1eb89343238fadfbcc7ba1a88f9 24-Sep-2015 Todd Kennedy <toddke@google.com> resolved conflicts for cafacef6 to stage-aosp-master

Change-Id: Id02e098a02aede327c5bc1a98aa177d8bf9ec5a9
cafacef60e49bbb8f6d829d261b46c5e7d119577 24-Sep-2015 Todd Kennedy <toddke@google.com> Merge "Frameworks/base: Propagate boot status to installd"
55fe944f987bcbdea8bbec7ea411684f69623da4 21-Sep-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Propagate boot status to installd

Propagate the boot status explicitly to installd so that we do not
have to rely on dev.bootcomplete, which isn't meaningfully set
when the device needs the decryption screen on boot.

Bug: 23898216
(cherry picked from commit 06bb908b78e3c790d3db52fef9f2ab0a129e53cd)
Change-Id: I9b34298caf70b1e5d40970cc0d04c469016a80a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b18d084f4bb8e2f69732a014b78f6378481d9906 24-Sep-2015 Jeff Hao <jeffhao@google.com> resolved conflicts for f005d55f to master

Change-Id: I82027116a2b0bfc8b1ff1e20c3a115a1ba8a19db
f005d55fb76902a09bede226887313c14b806753 24-Sep-2015 Jeff Hao <jeffhao@google.com> am 75ab8c77: am 384d84f4: Merge "Shorten first boot time by filtering dexopted apps by LRU."

* commit '75ab8c7789b4ec5e26bc7d2f773a6c39d39a821b':
Shorten first boot time by filtering dexopted apps by LRU.
75ab8c7789b4ec5e26bc7d2f773a6c39d39a821b 24-Sep-2015 Jeff Hao <jeffhao@google.com> am 384d84f4: Merge "Shorten first boot time by filtering dexopted apps by LRU."

* commit '384d84f4f02643b63335f6d8d884adc1186d6896':
Shorten first boot time by filtering dexopted apps by LRU.
b84cb9e9719855d56ea74c2eb7afc49034c0e66f 23-Sep-2015 Jeff Hao <jeffhao@google.com> Shorten first boot time by filtering dexopted apps by LRU.

No longer dexopt all system apps and boot listener user apps.

Bug: 23628238
Bug: https://code.google.com/p/android/issues/detail?id=186589

Change-Id: Ib4f960686afcfda13838f7783c2d3ccf8e26db72
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bc68463602b6c26cca8988e55df8dbf48ca653e5 22-Sep-2015 Andreas Gampe <agampe@google.com> resolved conflicts for 5d7b68d4 to master

Change-Id: I6f56e8e11c35733f8d84346ca2b9a201784552e1
b49245f96233b7f89fb5d4ba52576131ca6fb47a 22-Sep-2015 Andreas Gampe <agampe@google.com> Merge "Frameworks/base: Propagate boot status to installd" into mnc-dr-dev
06bb908b78e3c790d3db52fef9f2ab0a129e53cd 21-Sep-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Propagate boot status to installd

Propagate the boot status explicitly to installd so that we do not
have to rely on dev.bootcomplete, which isn't meaningfully set
when the device needs the decryption screen on boot.

Bug: 23898216
Change-Id: I9b34298caf70b1e5d40970cc0d04c469016a80a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd83681aeafce94c6ea10e202ce1e8e104a639d3 21-Sep-2015 Jeff Sharkey <jsharkey@android.com> am e1964182: am 9314f94b: am b7b17fa6: am 281a868c: am e1a6299b: Relax locking when scanning private volumes.

* commit 'e1964182de52d00950219810798ea4e7900fb57b':
Relax locking when scanning private volumes.
281a868c69e0915efc16eb3c65f669bbf0df69df 21-Sep-2015 Jeff Sharkey <jsharkey@android.com> am e1a6299b: Relax locking when scanning private volumes.

* commit 'e1a6299b994bbdb304550e00d5b3b26a064bdf0c':
Relax locking when scanning private volumes.
f3d939cc73a7c9846b649e4856378b1e04ad14a9 17-Sep-2015 Christopher Tate <ctate@google.com> At install, require the presence of code if hasCode=true

Bug 23875788

Change-Id: I125ea4caf9e558e875e36dc8534f0d0877ff1e89
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e1a6299b994bbdb304550e00d5b3b26a064bdf0c 18-Sep-2015 Jeff Sharkey <jsharkey@android.com> Relax locking when scanning private volumes.

Private volumes with many large apps can take a long time to scan,
which currently happens on the main thread with several large locks
held, making it likely to trigger the system-wide watchdog.

This change relaxes this locking by scanning on the PackageManager
worker thread, and by only holding locks when required. In
particular, we release the installer lock between each scan to give
other apps waiting to dexopt a chance to breathe.

Bug: 24172036
Change-Id: Ie28d3ff72d6be28fa2f72c57d5e4146c768df89d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf9f751206e027a1654572585d045a325dec4ecc 16-Sep-2015 Fyodor Kupolov <fkupolov@google.com> am fd464a30: am 71b4b738: am d20f2106: am bfc584df: Merge "Use app directory as apkPath for cluster installs" into mnc-dr-dev

* commit 'fd464a301fea9395ad2b882dc90b0fee6515e9d1':
Use app directory as apkPath for cluster installs
a5bf0dea33be6470e2431abde7cc9d8874a9e898 14-Sep-2015 Nicolas Prévot <nprevot@google.com> Merge "Don't consider non-enabled users for cross-profile intents."
ebcac16cb1405bf7d0b570e11a287df078edfc1c 10-Sep-2015 Fyodor Kupolov <fkupolov@google.com> Use app directory as apkPath for cluster installs

Previously, size of of oat directory was not counted by the getsize command,
because base APK location was passed as apkpath argument.

Bug: 23896047
Change-Id: Ic7b6b725785ff2e2a0cf3887ba68c162b23b1212
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ddb7255838a4e129f2924d39e5b56487e0586ba8 04-Sep-2015 Nicolas Prevot <nprevot@google.com> Don't consider non-enabled users for cross-profile intents.

Previously, if we removed a managed profile and added a new one
immediately:
Until the old managed profile was completely cleaned up,
the presence of the old managed profile prevented cross-profile intents
from working properly with the new managed profile.

BUG:23520975
Change-Id: If46c6c0c0fa000df0982a21272a37fa3da54aa24
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16b43e43f973896baa14961c4805979eeb310654 03-Sep-2015 Svetoslav Ganov <svetoslavganov@google.com> am e4428808: am 8fddbc44: am a5cd5d87: am 0b5162c8: am 6dd856b1: Merge "Don\'t drop runtime permissions on older system app update." into mnc-dev

* commit 'e4428808bf4d26cbfdef1a6f19f2c9a794442a9b':
Don't drop runtime permissions on older system app update.
0b5162c85f01f8451120e7ad82aa7193850862f7 03-Sep-2015 Svetoslav Ganov <svetoslavganov@google.com> am 6dd856b1: Merge "Don\'t drop runtime permissions on older system app update." into mnc-dev

* commit '6dd856b1ea31bae083b6c2ed40af812c41b3a6cf':
Don't drop runtime permissions on older system app update.
6dd856b1ea31bae083b6c2ed40af812c41b3a6cf 03-Sep-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Don't drop runtime permissions on older system app update." into mnc-dev
c84161847aea15a258ca97c7e7fb90caff421d2e 03-Sep-2015 Christopher Tate <ctate@google.com> am 46ac9a16: am a91d4357: am 623def69: am 7bae31f8: am 60aae166: Apply default link-handling policy at OTA from pre-M

* commit '46ac9a16666ae282d7dde1decb1e45d77eaac652':
Apply default link-handling policy at OTA from pre-M
7bae31f88f8dcaf8114d9d43b29e154bc23374ad 02-Sep-2015 Christopher Tate <ctate@google.com> am 60aae166: Apply default link-handling policy at OTA from pre-M

* commit '60aae166e99dff0dba379e14c0fc43e89fd1a018':
Apply default link-handling policy at OTA from pre-M
6499a85a30e59a33ee643e9fda7d36d794716769 02-Sep-2015 Svetoslav <svetoslavganov@google.com> Don't drop runtime permissions on older system app update.

We have a device with an installed version of an app that is not
preinstalled and has some runtime permissions granted. Now we get
OTA with an older version of the app which does not request these
runtime permissions. We first scan system packages and then installed
apps. During the scan we encounter the newly appeared system package
and determine it is older than the one we have installed and disable
it.

However, before we disable the package we update the permissions
for this package but since the one on the system partition (the one
we found so far) doesn't request some of the runtime permissions
granted to the installed version of the app, they get dropped on the
floor. This grant attempt is not necessary as the permission the
installed package has depends entirely on the permissions it requests.
In this process we may look at the requested permissions on the
disabled system package but in general the updated package cannot
have a permission that it does not request regardless whether the
disabled system app requests it or on.

bug:23718806

Change-Id: I187bc11750eb270c3233c314992186f5d58d9d82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
60aae166e99dff0dba379e14c0fc43e89fd1a018 02-Sep-2015 Christopher Tate <ctate@google.com> Apply default link-handling policy at OTA from pre-M

Not just at first (wiped) boot.

Bug 23744303

Change-Id: I9ab42f7b081e92231d89b3c97935135c3dd901d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ecf9b05812a42a76473e14c41c7c04a25dcfa741 31-Aug-2015 Todd Kennedy <toddke@google.com> Merge "Tweak systrace calls"
c3008a698b32ef91e13fe9559570db1ebbd07439 29-Aug-2015 Ian Pedowitz <ijpedowitz@google.com> am 80bed748: am 2e80aa73: am 6f75cb14: am 8d027e6d: am 3c227bf2: Merge "Show the ResolverActivity in dock mode" into mnc-dev

* commit '80bed748170b24f57d6a2db92b00c6be34e8f36a':
Show the ResolverActivity in dock mode
8d027e6d523d13a9cf2a5cf4ef901cc3e78b901d 29-Aug-2015 Ian Pedowitz <ijpedowitz@google.com> am 3c227bf2: Merge "Show the ResolverActivity in dock mode" into mnc-dev

* commit '3c227bf2418c6d1b6831f0fa7ad0442b0fcbdc07':
Show the ResolverActivity in dock mode
3c227bf2418c6d1b6831f0fa7ad0442b0fcbdc07 29-Aug-2015 Ian Pedowitz <ijpedowitz@google.com> Merge "Show the ResolverActivity in dock mode" into mnc-dev
1a350157198bd8700f1e81b8ce3f7c656f91dba9 29-Aug-2015 Todd Kennedy <toddke@google.com> Tweak systrace calls

Tracing needed a few tweaks.

First, add overall tracing for all of the incoming methods that cause a
package to go through the install flow -- installPackageAsUser, installStage
and movePackage.

Second, add a few more traces for things such as dexopt.

Third, adjust some of the calls; avoid using the async trace methods
when they're not necessary, etc...

Change-Id: Iff47189ddad4478d9fbc6eac2f7031e54cba6271
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3f4c29824898e359410d288d5f6e936a5a0f09d9 28-Aug-2015 Jeff Sharkey <jsharkey@google.com> am 0551d5d9: am ac4fd070: am 90023609: am 71f15791: am d88152b4: Merge "Give shell permission to move apps." into mnc-dev

* commit '0551d5d9ee2888779e9c37c9a509451ef65ef981':
Give shell permission to move apps.
71f1579190ee3658db15f55a4e5571f03ce431b6 28-Aug-2015 Jeff Sharkey <jsharkey@google.com> am d88152b4: Merge "Give shell permission to move apps." into mnc-dev

* commit 'd88152b4d910fa5e79908dcb6f14cd56ad03b21a':
Give shell permission to move apps.
e515c6495d2ad6317303617ba20509b4e8aa7654 28-Aug-2015 Jeff Sharkey <jsharkey@android.com> Give shell permission to move apps.

Also clear identity when measuring ASEC sizes to relax a second
permission requirement.

Bug: 23600574
Change-Id: Ib3a104426758e0e8f35dff0e504fe874bed7311f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
175c22e2018dabad28ec11b81d03096766a6eb66 28-Aug-2015 Christopher Tate <ctate@google.com> Show the ResolverActivity in dock mode

If there are multiple dock apps present the end result should be
the disambiguation UI, not a fast-forward to the 'normal' home
app.

Bug 23501598

Change-Id: Iebc106b136cb1e446d1e93935738335504f5b812
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d3a182e5734f460a510d229e27d27ac4cd72d9ff 26-Aug-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Renamed primaryUserOnly to systemUserOnly"
4f5de340c9c7b12d7d67ca53bac863976b36fd32 25-Aug-2015 Fyodor Kupolov <fkupolov@google.com> Renamed primaryUserOnly to systemUserOnly

In the split mode, broadcast receivers and activities marked as
systemUserOnly will be running as system. This is a non-functional change for
non-split system user mode.

Bug: 22958572
Change-Id: I0f7d4f4a81275bc326bf630a776c695e8b5291a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
95a57ee0a6456f1f5c2a9e9c6b8092f157130507 25-Aug-2015 Nicolas Prevot <nprevot@google.com> am ee02b881: am 6fbf2724: am ae2880a6: am 26b555d4: am d34ecae4: Don\'t set a null filter to a cross-profile ResolveInfo.

* commit 'ee02b88183e700592acd3848af690f318c50a73c':
Don't set a null filter to a cross-profile ResolveInfo.
26b555d42ce2cf78d42ebcc9806447bf83df9318 25-Aug-2015 Nicolas Prevot <nprevot@google.com> am d34ecae4: Don\'t set a null filter to a cross-profile ResolveInfo.

* commit 'd34ecae444867b78be06bb5a6b0fb2a66c2e30aa':
Don't set a null filter to a cross-profile ResolveInfo.
d34ecae444867b78be06bb5a6b0fb2a66c2e30aa 25-Aug-2015 Nicolas Prevot <nprevot@google.com> Don't set a null filter to a cross-profile ResolveInfo.

ResolverActivity expects the filter not to be null.

BUG:23395395
Change-Id: Ie7081daba1ad138b1a3903ef9dd1b649806c8d0e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
225c8387eba89a029ab31f786cb1de23a38a446e 20-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Merge changes I260758f1,Ib6c2ed11

* changes:
Clean up USER_OWNER reference in PMS
Clean up USER_OWNER in notifications
741abfc12074623d24297ebb67d98cb2d9126add 11-Aug-2015 Nicolas Prevot <nprevot@google.com> Fix cross-profile intent filters with system-user split.

Don't assume that the parent is always the user owner.

BUG:23105562
Change-Id: Ia98ed608e2b6d1d82d95a73110134d85274c6abf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16387b44f5fcdf205f101d8f49ee74515010f00d 18-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Clean up USER_OWNER reference in PMS

Package manager service is tricky to me, so I only have very small
changes.

Bug: 19913735
Change-Id: I260758f19f0ddb073d0c3f675683f8d0efda2dc5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
594f208d661bc29dafef91e948d36cac652d59db 18-Aug-2015 Xiaohui Chen <xiaohuic@google.com> Clean up USER_OWNER reference in pm/Settings

Bug: 19913735
Change-Id: I538ed443b945e9cbb731520450bf5ef39882ae37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8324a6ee8334668c25e05c669bc04bf9c0c8c583 19-Aug-2015 Yusuke Sato <yusukes@google.com> Trace scanDirLI()

Change-Id: I3761b4991d45684e9b712c5870bcacd08dc806de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
848dd4bfc9575956187eccfc7c563eb9dd64a2b4 14-Aug-2015 Chris Tate <ctate@android.com> am 14e12258: am 13845aea: am b2d4c550: am b47890c4: am 7e7d79ef: Merge "Make "Ask every time" actually work that way" into mnc-dev

* commit '14e122582c45e236bf2e4c59d10438816f2eed09':
Make "Ask every time" actually work that way
93729fea513f2674da2acc3e0c7324eda827d9df 14-Aug-2015 Dianne Hackborn <hackbod@google.com> am 564e87a3: am 1058bf0f: am e2fd2850: am 9e398eb5: am 81f3a85a: Merge "Fix issue #22940169: "pm grant" can no longer grant permissions..." into mnc-dev

* commit '564e87a36f6cfddee23bf7daf1b54e478411f087':
Fix issue #22940169: "pm grant" can no longer grant permissions...
b47890c4e7a7fc119e74da2b50bf94c2cf172916 14-Aug-2015 Chris Tate <ctate@android.com> am 7e7d79ef: Merge "Make "Ask every time" actually work that way" into mnc-dev

* commit '7e7d79ef2f4aa6a8da86af459d419bd24c47b440':
Make "Ask every time" actually work that way
9e398eb51497dbcd2347cb1315933fa4e7cfcd9e 14-Aug-2015 Dianne Hackborn <hackbod@google.com> am 81f3a85a: Merge "Fix issue #22940169: "pm grant" can no longer grant permissions..." into mnc-dev

* commit '81f3a85aa29d83ed1a5de4de1006587d375a1c77':
Fix issue #22940169: "pm grant" can no longer grant permissions...
7e7d79ef2f4aa6a8da86af459d419bd24c47b440 14-Aug-2015 Chris Tate <ctate@android.com> Merge "Make "Ask every time" actually work that way" into mnc-dev
56f0ff3c48c88b969d9bf5e62eb1ee590e03e461 14-Aug-2015 Christopher Tate <ctate@google.com> Make "Ask every time" actually work that way

..in link-opening behavior. If a candidate is marked as "ask
every time," then the user is guaranteed to get a disambiguation
prompt including that candidate even when some other candidate
app is in the "always prefer this over a browser" state.

Bug 23147746

Change-Id: I904d8697a992b3f16f32b1c1b49c2bf9424c7137
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f5b0a27350df984fb4a98b9658e89390ed60573 14-Aug-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22940169: "pm grant" can no longer grant permissions...

...with protection flag PROTECTION_FLAG_DEVELOPMENT

Bring back the old grant/revoke code for development permissions.

Also some more dumpsys output to help debugging.

And new dumpsys command for checking a permission.

Change-Id: I6e27e62a9ca5ec1ecc0f102714a448ea02f0f41c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2fee91c5683d4f3e89c9bd2485207044ab495f43 12-Aug-2015 Todd Kennedy <toddke@google.com> am f6f11daa: am f5107e38: am d43f4d92: am 8af3406a: am 24e4d48f: Merge "Promote system app permissions" into mnc-dev

* commit 'f6f11daafe9884b93218487d5af29130e97107e9':
Promote system app permissions
8af3406a4558e81394ac18ea0d0dcd728833f483 12-Aug-2015 Todd Kennedy <toddke@google.com> am 24e4d48f: Merge "Promote system app permissions" into mnc-dev

* commit '24e4d48f56a6fca6974c5670b88a7b4da2180331':
Promote system app permissions
8b3e6b0df102901f938cd0687f9994a3ff767fcf 12-Aug-2015 Todd Kennedy <toddke@google.com> Promote system app permissions

When upgrading from a pre-M version of Android, install permissions for
exisiting system are promoted to runtime permissions. This only happens
for apps that existed prior to the OTA. Other system apps targeting M
are not automatically granted any permissions.

Bug: 22970710
Change-Id: I964ee3f93c66ea43fbb1be6b5ac6b09ddea3c385
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
157c3fbc52c14cbd7fc7ce6ec5b1b4cc9fe627d5 08-Aug-2015 Nicolas Prévot <nprevot@google.com> am 6d23b141: am 2c661d5a: am ed73021b: am 543fd8be: am 288e82f8: Merge "Keep intent verification status of system apps when uninstalling them." into mnc-dev

* commit '6d23b1419fb3cf26025484d5de142de873e5cd9f':
Keep intent verification status of system apps when uninstalling them.
543fd8be753ac751235adb59f5e8c5cedba3b162 07-Aug-2015 Nicolas Prévot <nprevot@google.com> am 288e82f8: Merge "Keep intent verification status of system apps when uninstalling them." into mnc-dev

* commit '288e82f8f67db894c43bf4ea659ca832f979c65a':
Keep intent verification status of system apps when uninstalling them.
288e82f8f67db894c43bf4ea659ca832f979c65a 07-Aug-2015 Nicolas Prévot <nprevot@google.com> Merge "Keep intent verification status of system apps when uninstalling them." into mnc-dev
b5ab2ffc213dbc976544ef6e0922d72d4fa241ff 07-Aug-2015 Nicolas Prevot <nprevot@google.com> Keep intent verification status of system apps when uninstalling them.

When creating a work profile, system apps are uninstalled and then
sometimes reinstalled.
In the process, they lose their intent verification status.

BUG:22943461
Change-Id:I5b008c6de2125f190063b08908076a649067c60d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
598b03d1008fb416a597ae4b2e037c4492bf696d 07-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> am 9bf912c1: am 5ed03384: am 1f514608: am 5a624aad: am 38d30dc5: Merge "Immediately kill a shared user process on a permission revocation." into mnc-dev

* commit '9bf912c1cf6941402dc0f8ef449f34787796875e':
Immediately kill a shared user process on a permission revocation.
5a624aad5faa0a71ce6495671caac1ccd90544ba 07-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> am 38d30dc5: Merge "Immediately kill a shared user process on a permission revocation." into mnc-dev

* commit '38d30dc547825bdde2756f588692063a28749e8d':
Immediately kill a shared user process on a permission revocation.
38d30dc547825bdde2756f588692063a28749e8d 07-Aug-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Immediately kill a shared user process on a permission revocation." into mnc-dev
23d4f7cf6e43d0b6cd6431245cdc06659928236e 07-Aug-2015 Jeff Davidson <jpd@google.com> am 5061b516: am 2fe51373: am 22d20774: am 20de377b: am 1d7c3254: Merge "Correctly propagate permissions when uninstalling updates." into mnc-dev

* commit '5061b51669d476a72b39e4636f7b5a837451337f':
Correctly propagate permissions when uninstalling updates.
aa41add33b8d7d318387cc74c34e3d347d245211 07-Aug-2015 Svetoslav <svetoslavganov@google.com> Immediately kill a shared user process on a permission revocation.

1. When a permission is revoked we kill the app immediately but do
not do an immediate kill for shared uid processes. This fixes it.

2. Remove system APIs that are used only by the package installer.

bug:22984670

Change-Id: I3d4ae52ea8679f894aa7c5972941263903479183
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20de377beb17273a2d2dcd5715c418eec1ac897e 07-Aug-2015 Jeff Davidson <jpd@google.com> am 1d7c3254: Merge "Correctly propagate permissions when uninstalling updates." into mnc-dev

* commit '1d7c32548c30c62a35c54a624f89d5f9db31b9d4':
Correctly propagate permissions when uninstalling updates.
16ed6a45aed0e5d7332647559c3c76b977b705b4 05-Aug-2015 Jeff Davidson <jpd@google.com> Correctly propagate permissions when uninstalling updates.

In ag/733689, which was intended to fix this bug, the following lines
were removed:

// Propagate the permissions state as we do want to drop on the floor
// runtime permissions. The update permissions method below will take
// care of removing obsolete permissions and grant install permissions.
ps.getPermissionsState().copyFrom(disabledPs.getPermissionsState());

The intent with these lines seemed to be that we needed to copy
permissions from the application on /data, which is being uninstalled,
over to the copy on /system, which was disabled but is being
reenabled. However, it wasn't functional, because it incorrectly
copied from the copy on /system, not the copy on /data.

Restore this code, copying from newPs (the copy on /data) rather than
disbledPs (the copy on /system), and clarify the comment because we do
*not* want to drop runtime permissions on the floor.

Bug: 22665508
Change-Id: I6bae37e70b6df1043c9a2b49255b985707ba151a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e15d6c04cafd5390226358687de39fe1b4cb9c40 05-Aug-2015 Jeff Sharkey <jsharkey@google.com> am 5ea08853: am 294d1eeb: am 026457a4: am 64e26348: am 0d616883: Merge "Fix moving of apps into legacy ASEC." into mnc-dev

* commit '5ea088532f6c44468432ef459b31d30761384030':
Fix moving of apps into legacy ASEC.
64e26348bcb0f6282b71ff3577521d131f765a56 05-Aug-2015 Jeff Sharkey <jsharkey@google.com> am 0d616883: Merge "Fix moving of apps into legacy ASEC." into mnc-dev

* commit '0d6168835a6114a9e346278e4613e9175a907fd3':
Fix moving of apps into legacy ASEC.
0d6168835a6114a9e346278e4613e9175a907fd3 05-Aug-2015 Jeff Sharkey <jsharkey@google.com> Merge "Fix moving of apps into legacy ASEC." into mnc-dev
cb8e31d0d06fc80b926b658d38161d7f50c3cfee 04-Aug-2015 Todd Kennedy <toddke@google.com> move code back to original spot

The inital thought was to only create PostInstallData when it was
used later [during the restore]. Unfortunately, it is also used in
normal circumstances for pkg installation.

Bug: 22947287
Change-Id: Iab46183e57250e0f773538dc7156f65f461a3eeb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3fa5609d83339032d456bb51f0419adae756baed 04-Aug-2015 Dianne Hackborn <hackbod@google.com> am aa860fd8: am 35c68de9: am 5dd9ef04: am b0bc8368: am 3011f645: Merge "Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up" into mnc-dev

* commit 'aa860fd83ab3d3096c4bdf86297b7d8f36f5eec8':
Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up
94dacb12185c6208d100ada88ed305376d9ab2ee 03-Aug-2015 Jeff Sharkey <jsharkey@android.com> Fix moving of apps into legacy ASEC.

Derive the correct current volume UUID for comparison, and only
check for cluster style installs when moving from internal storage.

Bug: 22616484
Change-Id: Idb6be2aa4aaa9b9f47ebbeeebd65c15a60d5d164
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b0bc8368f53e80236026e54311f2dda7b662c664 04-Aug-2015 Dianne Hackborn <hackbod@google.com> am 3011f645: Merge "Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up" into mnc-dev

* commit '3011f645abe8f976af6f876579a179d51c09bf30':
Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up
28ec27cbfa157c242fd9330a10c7c2b8ea838694 04-Aug-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22912704: "android.process.acore has stopped" dialog keeps popping up

Slice 'em up!

Change-Id: Ibba3af7ec5b7f92e6d5e55a57aa838a7f7f936e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c8a465c4d3827970f61555e604c43ef3b3f6d4d6 03-Aug-2015 Todd Kennedy <toddke@google.com> Add Package Manager tracing

Change-Id: I6ca2d499bd6a5712f7bf45ba383f1954559a2550
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6f1a7ec9935c32e6c1155333de94ac9cd544442 01-Aug-2015 Dianne Hackborn <hackbod@google.com> am 628b4125: am bc2a8843: am b97c5ddd: am 9b36f526: am c1836bb0: Merge "Change MNC codename to just M." into mnc-dev

* commit '628b4125843b93dc7f3ed0c9bbea76ff470d2eed':
Change MNC codename to just M.
9b36f526dd0378bda8f71c0e51ed37bf97742f8f 31-Jul-2015 Dianne Hackborn <hackbod@google.com> am c1836bb0: Merge "Change MNC codename to just M." into mnc-dev

* commit 'c1836bb0f1bf3e5ef0911719525da0bab3e53507':
Change MNC codename to just M.
c1836bb0f1bf3e5ef0911719525da0bab3e53507 31-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Change MNC codename to just M." into mnc-dev
98a70b9d358d04bff2cdf7d6df99abf235d87027 31-Jul-2015 Benjamin Franz <bfranz@google.com> am 33cb97c0: am 54aed521: am 93d45d1c: am 982daf87: am d692fcf1: Merge "Add missing return statement" into mnc-dev

* commit '33cb97c0f0824f8a5f35c09db28565b076bc9994':
Add missing return statement
982daf8769bf78dd6bb240dab9ac7d0a62de21cc 31-Jul-2015 Benjamin Franz <bfranz@google.com> am d692fcf1: Merge "Add missing return statement" into mnc-dev

* commit 'd692fcf115e57fef8a15c214fb2fcde78a48b45c':
Add missing return statement
d692fcf115e57fef8a15c214fb2fcde78a48b45c 31-Jul-2015 Benjamin Franz <bfranz@google.com> Merge "Add missing return statement" into mnc-dev
9dacbf6fd4b602f3abe9b1a347690d474c54f9a7 30-Jul-2015 Benjamin Franz <bfranz@google.com> Add missing return statement

Bug: 22844272
Change-Id: I4b37b28adb1d1b6d0d1235dd68fbfad6c3121c54
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e3de6cacaffcfeda4d6353be61e2f1f9ed80705 30-Jul-2015 Dianne Hackborn <hackbod@google.com> Change MNC codename to just M.

Change-Id: I4281d200ff6560791c47cf9073ceea1cb509361e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fdf59bf82f35ccc870dbb7eb20b958997ea73b36 30-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am c875ad14: am 56de6167: am f6c2d8a9: am 6da43a83: am 9352af2a: Merge "Remove dependencies on the package installer\'s package name" into mnc-dev

* commit 'c875ad14ddc09d0d3a3bde58f71845123110f9f2':
Remove dependencies on the package installer's package name
6672c8ba3b9e52a384cddb7fe77bd8d97fbfd128 30-Jul-2015 Sailesh Nepal <sail@google.com> am 33ec1710: am 2830a139: am 2084291d: am 33763760: am 6b96de8d: Merge "Default permissions for sim call manager" into mnc-dev

* commit '33ec1710b0404f36019688ea8e285b687f81109c':
Default permissions for sim call manager
d9af284299d0ef9ba388da7c883b71002f4593f7 30-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am f8678e33: am 184f3c24: am 0acabb00: am 9e3d8e26: am a7a65ee4: Merge "Allow non system to set perm policy flags - needed by the installer" into mnc-dev

* commit 'f8678e336f4326115c8635f24def9096f8cad1ca':
Allow non system to set perm policy flags - needed by the installer
d2574c07684363f8d7f78135a15272d663b3133c 30-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am ef87e802: am 2e621fdc: am ff5e7c34: am 7b45b0fb: am 120a86ac: Merge "Do not reset runtime permissions on upgrade" into mnc-dev

* commit 'ef87e802faac3a330681743fb3215dd3978dc268':
Do not reset runtime permissions on upgrade
6da43a835c0667e7f539ef47870d83f9bc516ef9 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am 9352af2a: Merge "Remove dependencies on the package installer\'s package name" into mnc-dev

* commit '9352af2a9ef95e3f577a04474625249d3da62a04':
Remove dependencies on the package installer's package name
337637607df93491276a1285f57dd41afd219682 29-Jul-2015 Sailesh Nepal <sail@google.com> am 6b96de8d: Merge "Default permissions for sim call manager" into mnc-dev

* commit '6b96de8dae8be99f75c86c795672905e10fca153':
Default permissions for sim call manager
9e3d8e269e1c016af28c29ca8989ba765504331d 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am a7a65ee4: Merge "Allow non system to set perm policy flags - needed by the installer" into mnc-dev

* commit 'a7a65ee4c5fb879fee258c63b92e49ab4571bbdb':
Allow non system to set perm policy flags - needed by the installer
7b45b0fbf14c43521560a7bf115ec5c92cda1788 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am 120a86ac: Merge "Do not reset runtime permissions on upgrade" into mnc-dev

* commit '120a86ac6f4ac6d2dfdef01dd1fbefdcd1cc8735':
Do not reset runtime permissions on upgrade
9352af2a9ef95e3f577a04474625249d3da62a04 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Remove dependencies on the package installer's package name" into mnc-dev
6b96de8dae8be99f75c86c795672905e10fca153 29-Jul-2015 Sailesh Nepal <sail@google.com> Merge "Default permissions for sim call manager" into mnc-dev
a7a65ee4c5fb879fee258c63b92e49ab4571bbdb 29-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Allow non system to set perm policy flags - needed by the installer" into mnc-dev
525bc7a5a68cf2bf5159780ebb66ca4a3bf600ee 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Allow non system to set perm policy flags - needed by the installer

My previous change overtightened which permission flags can be changed
by a non-system caller. This took away the capability of the package
installer to set policy flags which it needs to implement the auto
grant/deny behavior.

bug:22776149

Change-Id: Ic2a82bedc413fc91360c3bcec355fac456f0fccf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f480f2899cf4667170d93f6d7637e735b82d5bae 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Do not reset runtime permissions on upgrade

bug:22772831

Change-Id: Ic7113f48bf4fe2fe2f50bf94c4b6dbb2130b6621
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f1b7f20bb839c96e8254ccb65398135f10fd45d9 29-Jul-2015 Svet Ganov <svetoslavganov@google.com> Remove dependencies on the package installer's package name

bug:22700053

Change-Id: I8540eb8577fbec84e1a67e31e1c31ba654c828a4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cf85562bc9a0f01db51b4088e72f05a8089fc7f1 29-Jul-2015 Sailesh Nepal <sail@google.com> Default permissions for sim call manager

This CL adds the following permissions by default to the
SIM call manager:
- microphone
- phone

BUG: 22790160
Change-Id: Icaf1db6c6943b3ddbd16a946a81d1bfb734d761f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0c6c5c54383121ae5674d287b13f88dc3e149f26 29-Jul-2015 Todd Kennedy <toddke@google.com> am d2f742d5: am 4c423351: am b91bf1f3: am 673fed99: am f2c616ed: Merge "Partially revert package freezing" into mnc-dev

* commit 'd2f742d5a6ee0dd0fdc9b9321f4102dae9f8131e':
Partially revert package freezing
673fed99b931ce0efc17b0e549e7842e4775154c 29-Jul-2015 Todd Kennedy <toddke@google.com> am f2c616ed: Merge "Partially revert package freezing" into mnc-dev

* commit 'f2c616ed02aee3b9a9025caf288aadbf22cfd046':
Partially revert package freezing
6b0c8315e4c0db24522675c05ecd6a0b9bfb6d9e 28-Jul-2015 Todd Kennedy <toddke@google.com> Partially revert package freezing

On the Nexus Player, upgrading the launcher would cause multiple, simultaneous
processes to be running. In order to prevent this regression, revert the portion
of ag/682591 dealing with package upgrades.

Bug: 21123444
Change-Id: I7a4cf98c7e28fc9893b1c0358d3a98702d94c039
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aaf148485108604fb50f11b090d3031dfb7f95ef 27-Jul-2015 Fyodor Kupolov <fkupolov@google.com> am d1f1985f: am 4b3f6caf: am d815c04b: am d7d1ea45: am b83b5fa6: Merge "Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION" into mnc-dev

* commit 'd1f1985f33df9915dbd1895433c2c74a0493613c':
Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION
d7d1ea45984efdb6a514e97312045ac5b67ccb22 27-Jul-2015 Fyodor Kupolov <fkupolov@google.com> am b83b5fa6: Merge "Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION" into mnc-dev

* commit 'b83b5fa641847ee1d533253ba5e1a3e13913b9d9':
Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION
ce09a024f8478a21b1f4b8e8ddaf247b0fc9f616 24-Jul-2015 Fyodor Kupolov <fkupolov@google.com> Check for ACCESS_COARSE_LOCATION/ACCESS_FINE_LOCATION

Call to checkPermission(ACCESS_COARSE_LOCATION) should return
PERMISSION_GRANTED, when package only has ACCESS_FINE_LOCATION permission

Bug: 21852542
Change-Id: I53fe2945784213693f59e7bfccc524276ea8c189
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12058d065e5940c4a38c22327c6e956f6b5492a3 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am 2dd71cc1: am 74521d3a: am 7bda4b96: am 79355545: am 28762e61: Merge "Keep default permission grants uninstalling a sys package upgrade" into mnc-dev

* commit '2dd71cc16565d0183d940987aad168a4efcf6423':
Keep default permission grants uninstalling a sys package upgrade
5cdca2a812af6b534000c93c0c72c7a0912bd81c 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am cb731204: am ce4668b6: am 3fce45b6: am 54f1db79: am 607bc34f: Merge "Reset permissions and app links when clearing app preferences - framework" into mnc-dev

* commit 'cb731204c47034b6ce3e6a96b127fafc322a3625':
Reset permissions and app links when clearing app preferences - framework
5b98249e67198f31fe543334067943aa8ef4788d 24-Jul-2015 Jeff Sharkey <jsharkey@google.com> am 5080e90a: am aebcf3b7: am 23fdb635: am e87dc6db: am f6e9a3ed: Merge "More info to support CTS, fix reconcile bug." into mnc-dev

* commit '5080e90a62445f3ddf2dcff4adabe2d251d25932':
More info to support CTS, fix reconcile bug.
793555452ad44c006657b6c511c5c6068c0317ba 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am 28762e61: Merge "Keep default permission grants uninstalling a sys package upgrade" into mnc-dev

* commit '28762e61e2e45a7e30af02c6fa840a065a645b68':
Keep default permission grants uninstalling a sys package upgrade
28762e61e2e45a7e30af02c6fa840a065a645b68 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> Merge "Keep default permission grants uninstalling a sys package upgrade" into mnc-dev
315c4ac1b66922ef96c4c32d3c5344edd94513e1 24-Jul-2015 Svet Ganov <svetoslavganov@google.com> Keep default permission grants uninstalling a sys package upgrade

bug:22665508

Change-Id: I1cb1e53a8643ddad77f0be9e40d5b504501e06de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bf822d39a24b0de8228f5fc96c9ea4fcf320cbdc 24-Jul-2015 Dianne Hackborn <hackbod@google.com> am c9e454a5: am 26b2453c: am d363399b: am 86350411: am b7394671: Merge "Work on issue #22303510: Additional permissions aren\'t properly..." into mnc-dev

* commit 'c9e454a544233b6d4d7ae96d4442505bbad22fcb':
Work on issue #22303510: Additional permissions aren't properly...
54f1db793264192017c588b618c7d4cb311482c0 24-Jul-2015 Svetoslav Ganov <svetoslavganov@google.com> am 607bc34f: Merge "Reset permissions and app links when clearing app preferences - framework" into mnc-dev

* commit '607bc34f93a8c074d1982861273d210291eae34d':
Reset permissions and app links when clearing app preferences - framework
e87dc6dba58e55c60f387a86468a57a5109a97ac 23-Jul-2015 Jeff Sharkey <jsharkey@google.com> am f6e9a3ed: Merge "More info to support CTS, fix reconcile bug." into mnc-dev

* commit 'f6e9a3ede53ae487838c19714ad62f25a4a6ca4c':
More info to support CTS, fix reconcile bug.
9c8b8ab941e3ca7bdf2cccad6836760d7723518e 23-Jul-2015 Svet Ganov <svetoslavganov@google.com> Reset permissions and app links when clearing app preferences - framework

bug:22359132

Change-Id: I198c0b1cd6c3dcb91fe560874a8502eb6b5f65b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
863504111546fb46fcb5af356efb267c8582018a 22-Jul-2015 Dianne Hackborn <hackbod@google.com> am b7394671: Merge "Work on issue #22303510: Additional permissions aren\'t properly..." into mnc-dev

* commit 'b73946715cb9e3ca7a2702407e34f885e92a5d9a':
Work on issue #22303510: Additional permissions aren't properly...
f6e9a3ede53ae487838c19714ad62f25a4a6ca4c 22-Jul-2015 Jeff Sharkey <jsharkey@google.com> Merge "More info to support CTS, fix reconcile bug." into mnc-dev
85ced632680642fce680d141ddd10299ff849233 22-Jul-2015 Jeff Sharkey <jsharkey@android.com> More info to support CTS, fix reconcile bug.

Surface more details and commands for storage volumes to support
CTS testing. Fix user reconciliation bug that skipped user setup on
empty volumes.

Bug: 22658804, 22633097
Change-Id: I4221312d1cce24d1f5a2c108095cf3cf471598ed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cfbfafe1b9ca2fd135a4fb6b528b3829830803bf 22-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #22303510: Additional permissions aren't properly...

...disabled after toggling them off

Keep track of whether a permission that has been declared by an app
was able to actually be installed in the system, along with an API
to find this information so that system UI can tell whether that
permission is of interest.

Also clean up some of the permission debug output.

Change-Id: If4541bedb857789b255bb18f03cad155dcda0b95
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
527dfdfa72e319d11013ab9c7bf79af42fa91ad7 21-Jul-2015 Jeff Sharkey <jsharkey@android.com> am d4dc8756: am 4524184c: am f811d7fc: am fe7a311c: am 35ba2cdb: Merge "Inherit ABI when moving existing install." into mnc-dev

* commit 'd4dc87569fcc608f8065395c98ac956a3d11a79a':
Inherit ABI when moving existing install.
fe7a311c421473f1b50dcd2751585f89664a4327 20-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 35ba2cdb: Merge "Inherit ABI when moving existing install." into mnc-dev

* commit '35ba2cdbf8654d708e57d209131dd498705d0e18':
Inherit ABI when moving existing install.
35ba2cdbf8654d708e57d209131dd498705d0e18 20-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Inherit ABI when moving existing install." into mnc-dev
40cda8ef7c2e91fe1557a8cc35e01b91acf1def8 20-Jul-2015 Jeff Sharkey <jsharkey@android.com> Inherit ABI when moving existing install.

Previously installed apps are moved between volumes as an complete
package, including any previously unpacked native libraries. This
means we need to inherit any previously derived ABI when moving.

Bug: 22093837
Change-Id: I7656e338affa44e7f997fe4aa95bb297c0acc165
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bdc7141f7f7d278922d240f466244e352d758635 18-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 8d6abd0b: am e9896b3d: am 88c3301c: am 2d9d5905: am 25945302: Merge "Persist version data on a per-volume basis." into mnc-dev

* commit '8d6abd0b772740a0d7a5a135d250d371da2f0522':
Persist version data on a per-volume basis.
2d9d59053fcb8504914f358a1417e67a94c0f8f1 18-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 25945302: Merge "Persist version data on a per-volume basis." into mnc-dev

* commit '259453024c015da9d70d1ffadba09604aa1c786e':
Persist version data on a per-volume basis.
16c268ee90b36defa86ad24f030d7b5a73df2933 18-Jul-2015 Dianne Hackborn <hackbod@google.com> am c8457784: am 9b7c2ee7: am 35534fb4: am fb03aa36: am 5c269121: Merge "Work on issue #22556778: Starting under voice control not allowed" into mnc-dev

* commit 'c8457784df15e6c4361bce65628c56b9326977cf':
Work on issue #22556778: Starting under voice control not allowed
259453024c015da9d70d1ffadba09604aa1c786e 18-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Persist version data on a per-volume basis." into mnc-dev
f80b52b08aff0fe4c5a5fdc710aa5976c7b25699 17-Jul-2015 Jeff Sharkey <jsharkey@android.com> Persist version data on a per-volume basis.

Now that we support multiple adopted external storage devices, we
need to keep track of version data for each volume. This means we
now correctly handle certificate upgrade edge cases, permission
regranting, and clearing of code caches on a per-volume basis.

Bug: 22298966
Change-Id: Ifb9940c197f6c058a3ecca728257f853ce0fd7f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb03aa36a4790ca0ff5e11a56903507089278390 18-Jul-2015 Dianne Hackborn <hackbod@google.com> am 5c269121: Merge "Work on issue #22556778: Starting under voice control not allowed" into mnc-dev

* commit '5c269121d8ea0bf3f530f2314695e189ffdb3165':
Work on issue #22556778: Starting under voice control not allowed
5c269121d8ea0bf3f530f2314695e189ffdb3165 18-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Work on issue #22556778: Starting under voice control not allowed" into mnc-dev
f38c4ee9030b68c2f2b00d376c7d4a05a58a818a 17-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #22556778: Starting under voice control not allowed

The ResolverActivity is voice capable. In fact, it is capable
of EVERYTHING.

Change-Id: I37c4476d546f61fee3540b747aff77e88b702d48
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5ec715394c69bc172b87d991c1ce4ba04d51f44 17-Jul-2015 Todd Kennedy <toddke@google.com> am fdc235a4: am a7624f57: am b1f78ba8: am 8c47b335: am 5fe22e4f: Merge "clear calling identity to dexopt" into mnc-dev

* commit 'fdc235a42b330863f9489fc73dd8d718e8a00b77':
clear calling identity to dexopt
8c47b335b0dd06efbcbf17e26df2be67a33a15f1 17-Jul-2015 Todd Kennedy <toddke@google.com> am 5fe22e4f: Merge "clear calling identity to dexopt" into mnc-dev

* commit '5fe22e4fcbc543aa588d739b2453b3fa72d31859':
clear calling identity to dexopt
5fe22e4fcbc543aa588d739b2453b3fa72d31859 17-Jul-2015 Todd Kennedy <toddke@google.com> Merge "clear calling identity to dexopt" into mnc-dev
2a89545739b4efef4bd6535206ad0f5a813df39f 17-Jul-2015 Todd Kennedy <toddke@google.com> clear calling identity to dexopt

Bug: 22067670
Change-Id: I3596f26a079660f6898401ed679463193b00c799
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
28e7313992ba6efd94ddc16b45278863f84d7fcb 17-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 71d12704: am 475858c3: am b295963b: am c00e49b6: am d4b566bf: Merge "Add APIs for verifier to grant at install and revoke permissions" into mnc-dev

* commit '71d12704f64eeace695a6b8e0cd8f36007b96270':
Add APIs for verifier to grant at install and revoke permissions
c00e49b6e4e4cc8356529567040d6ee3be8c1dc3 17-Jul-2015 Svet Ganov <svetoslavganov@google.com> am d4b566bf: Merge "Add APIs for verifier to grant at install and revoke permissions" into mnc-dev

* commit 'd4b566bf56333de708908ce4accb5fb067be64f0':
Add APIs for verifier to grant at install and revoke permissions
d4b566bf56333de708908ce4accb5fb067be64f0 17-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Add APIs for verifier to grant at install and revoke permissions" into mnc-dev
a57940dd76e4b0d18d6ab944a311276a634be98f 16-Jul-2015 Todd Kennedy <toddke@google.com> am c0036d03: am 48869114: am a6a5ba19: am c84bf849: am a4911ed9: Merge "Verfiy global apps with device owner" into mnc-dev

* commit 'c0036d03a47ebe0eadee68a9db31e86d88153422':
Verfiy global apps with device owner
c84bf8498e51b04f8be5bfea0616a4bc0bc81eee 16-Jul-2015 Todd Kennedy <toddke@google.com> am a4911ed9: Merge "Verfiy global apps with device owner" into mnc-dev

* commit 'a4911ed97102b638a373adcdae7e4c9b3c64cc30':
Verfiy global apps with device owner
a4911ed97102b638a373adcdae7e4c9b3c64cc30 16-Jul-2015 Todd Kennedy <toddke@google.com> Merge "Verfiy global apps with device owner" into mnc-dev
c2c8ac37966db3499f7246ad9dedb0b779d72754 16-Jul-2015 Nicolas Prevot <nprevot@google.com> am 73c489a9: am e31dad2b: am e4036947: am b298ba48: am dbdf7c45: Don\'t send app links to the parent if status = never (part 2)

* commit '73c489a9b3045b044ca6d670762bee64ce8f6044':
Don't send app links to the parent if status = never (part 2)
633f19983182fbcf9479f6d5dd9f5e29e37f4cd0 16-Jul-2015 Todd Kennedy <toddke@google.com> Verfiy global apps with device owner

Applications installed for a specific user must be verfied as that user. However,
apps that are installed globally [i.e. UserHandle.ALL] should not be verified by
every user on the device. Instead, they should be verified by the device owner.

Bug: 21901423
Change-Id: I5fd3f690d08e7e911a3c86f09bbfcd4eb635b418
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b298ba48275fb36390398afbe196cc1ef7dae762 16-Jul-2015 Nicolas Prevot <nprevot@google.com> am dbdf7c45: Don\'t send app links to the parent if status = never (part 2)

* commit 'dbdf7c45380f7701e029a279932d2c97bf55fdc9':
Don't send app links to the parent if status = never (part 2)
dbdf7c45380f7701e029a279932d2c97bf55fdc9 15-Jul-2015 Nicolas Prevot <nprevot@google.com> Don't send app links to the parent if status = never (part 2)

To qualify for cross-profile app linking, an intent should resolve
with a better status than "NEVER". Moved this check from canForwardTo
into the source method, getCrossProfileDomainPreferredLpr, to stop
bad resolutions leaking out.

BUG:22287521
Change-Id: I195979d78a783864d841a81f358780912bbf168e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7121e18595d4c559044e26bfe6035406a862f466 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Add APIs for verifier to grant at install and revoke permissions

bug:22231699

Change-Id: Ie0c758bf73699f50bf99ff5aa0bf98dcc9004e37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a0bfc2063533d4b93435a49c9e19e54989c3459a 16-Jul-2015 Christopher Tate <ctate@google.com> am fdb71b60: am 374600c9: am 49af7ad4: am fbb4e9d2: am 3b1f8607: Merge "Intent filters need CATEGORY_BROWSABLE to be app-linking eligible" into mnc-dev

* commit 'fdb71b6041c7e4eba0410116799b276ab8ab83c5':
Intent filters need CATEGORY_BROWSABLE to be app-linking eligible
fbb4e9d23f0d3e3a220e0e3e63934409d615f50c 16-Jul-2015 Christopher Tate <ctate@google.com> am 3b1f8607: Merge "Intent filters need CATEGORY_BROWSABLE to be app-linking eligible" into mnc-dev

* commit '3b1f8607fdc416a87e608499698719f3234ecc90':
Intent filters need CATEGORY_BROWSABLE to be app-linking eligible
29c0a823959e972ee134fff6789955aedd908e3e 16-Jul-2015 Christopher Tate <ctate@google.com> am a9fa3c24: am b3ed2b8b: am ec0ed98d: am b6b97e90: am 06476508: Merge "Resolve based on the correct user\'s default browser" into mnc-dev

* commit 'a9fa3c24e0f013a345be935179579706f67d1f6c':
Resolve based on the correct user's default browser
ac15b1b0c05c79f5939aa6f88e973d4d479946cb 16-Jul-2015 Christopher Tate <ctate@google.com> Intent filters need CATEGORY_BROWSABLE to be app-linking eligible

Bug 22504009

Change-Id: I565b2ba4d1e5deeee8ede3363819deec206dbf58
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5dc71cb2dd99bb2a5dd8bd6a51fec280bb488c38 16-Jul-2015 Svet Ganov <svetoslavganov@google.com> am ffb43184: am 3d8e949a: am 9088c083: am 12b05ec2: am 75f6b94a: Merge "Grant default permissions to the setup app robustly." into mnc-dev

* commit 'ffb4318447f7741b4901dd38e3f6d97c94794b42':
Grant default permissions to the setup app robustly.
b6b97e90cb247560b880ae7269b5bfb1daa7aeef 16-Jul-2015 Christopher Tate <ctate@google.com> am 06476508: Merge "Resolve based on the correct user\'s default browser" into mnc-dev

* commit '06476508c4aae6b9bb5affdc7470abf159ef9eda':
Resolve based on the correct user's default browser
06476508c4aae6b9bb5affdc7470abf159ef9eda 16-Jul-2015 Christopher Tate <ctate@google.com> Merge "Resolve based on the correct user's default browser" into mnc-dev
12b05ec2e7a22fa0cbc1bc55d5a8b6503dbf038c 16-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 75f6b94a: Merge "Grant default permissions to the setup app robustly." into mnc-dev

* commit '75f6b94a5d5cadb218725011729466e8e438b231':
Grant default permissions to the setup app robustly.
7991f7813edb9ab7b79c4f5cf5ea7d51e83d334d 15-Jul-2015 Christopher Tate <ctate@google.com> Resolve based on the correct user's default browser

Bug 22509659

Change-Id: Iac75e7b40609bf2c81d266e0568fbfbeb71bb3aa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
50a8bf4da0fe1685bfe6a0ecd9a9677e363e2ee1 15-Jul-2015 Svet Ganov <svetoslavganov@google.com> Grant default permissions to the setup app robustly.

There is a zoo of components that handle the home intent and
have different priority. There is no reliable way to distinguish
the setup app from the other apps that handle home as some of
them have lower priority than the setup app and some higher.
This change adds a dedicated category to recognize the default
setup app.

Uncommented the code that grants accounts permissions as the
get_accounts permission is now a runtime permission and can be
granted.

bug:22471024
bug:22501463

Change-Id: I41726751fa2567cbcd7d09c7acfa7615b8aba577
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4916f2103add285c57f4f503a1e82d719da5bb85 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 0d043abe: am 20994ee5: am 5b93f2d9: am 4248250c: am 8017c647: Fix build

* commit '0d043abe7ff959185148cdf1071aa2d6629d7acc':
Fix build
fbb4a38c7cc8ddb313c588f8d29bfcda5c0609c2 14-Jul-2015 Ian Pedowitz <ijpedowitz@google.com> resolved conflicts for merge of 30efac5a to master

Change-Id: I0dad4cf10ed01cbf49e33f0c2ed1d6f8a1c893e0
8bcb80ca90c1d1f2c04d9e3d6e52f8381dad0c26 14-Jul-2015 Christopher Tate <ctate@google.com> am a46e6066: am 91112eae: am d04c91ab: am c5eadf8d: am 4b9b3e47: Merge "Default browser should not supersede intent filter priorities" into mnc-dev

* commit 'a46e60665cad5b55a8ddcb41f0696d225edad8fb':
Default browser should not supersede intent filter priorities
4fd798768245f07064a1001a594fa2f4558efb9e 14-Jul-2015 Christopher Tate <ctate@google.com> am d5c43b76: am df8db14e: am 0e201048: am b4494b02: am 288ecf98: Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev

* commit 'd5c43b7619d9d42e902a34c8b300f882b8213309':
Prioritize most-recently-enabled link-handling app
abad26c13260ea37271d69956983117c7986a818 14-Jul-2015 Svetoslav <svetoslavganov@google.com> am 3a49414b: am f835ba3c: am d57778ac: am 72172933: am 56c59d15: Merge "Fix two grant default permissions edge cases." into mnc-dev

* commit '3a49414b47407366d6b299c74f9208b4d9de1ffb':
Fix two grant default permissions edge cases.
5e181938c4de87e9535e8295a8dbf06f99631834 14-Jul-2015 Amith Yamasani <yamasani@google.com> am f3069383: am 4521361a: am 14627a2c: am 7efb0521: am 1578357d: Merge "Check user state after clearing identity." into mnc-dev

* commit 'f30693831665ad68731b996f8b2744c72e4dddd2':
Check user state after clearing identity.
e1f7a9ff7b764e2876eaf87da7f3204bbb0a764e 14-Jul-2015 Esteban Talavera <etalavera@google.com> am ffded0dd: am d943ac7d: am 8dd280c2: am f463ac66: am 0ec43f89: Merge "Use correct user when filtering app link candidates" into mnc-dev

* commit 'ffded0dd94581c8c20701295d66083ac4dfd1e80':
Use correct user when filtering app link candidates
f27decd439bab93668a9a9a1d884af5b0694092b 14-Jul-2015 Esteban Talavera <etalavera@google.com> am d132e1cd: am 3b869cb4: am 220fd3c0: am 4b114575: am 22921603: Merge "Don\'t send app links to parent profile if status == never" into mnc-dev

* commit 'd132e1cd99d389e3074930dd2bc8501cb7386623':
Don't send app links to parent profile if status == never
5cc9a7a801f3a1995cbb2a7dae3f9a716d51df0e 14-Jul-2015 Amith Yamasani <yamasani@google.com> am b646cd6d: am f62ca82b: am a5aaf335: am 0fd2d2b1: am 292eb65f: Merge "Fix new user creation regression due to vold remount calls" into mnc-dev

* commit 'b646cd6df50e99464335f3c196e386c8743fd29e':
Fix new user creation regression due to vold remount calls
4248250c936ded1d5c32b47681817c52f0600c7e 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 8017c647: Fix build

* commit '8017c647e665a6b6240501dc43628143ebe4e333':
Fix build
d7be214ca469c593d8a59cf7404020f4ad1aaed9 14-Jul-2015 Ian Pedowitz <ijpedowitz@google.com> resolved conflicts for merge of 8cee6587 to mnc-dr-dev

Change-Id: I0b2ed52214bb097d7fd69434afd0c6c890b5afb3
8017c647e665a6b6240501dc43628143ebe4e333 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Fix build

Change-Id: I2c97e405eaec7ee1569fcddc872ff2a98c829efe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cee6587e0efb2d8e63f1505b057a1e328525017 14-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Teach storage appops." into mnc-dev
6ee871e59812fea4525c50231f677c4bd10c74b8 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> Teach storage appops.

For modern apps targeting M SDK and up the external storage state
is deterined by granted permissions. For apps targeting older SDK
the storage access is determined by app ops correspning to the
storage permissions as the latter are always granted.

When app ops change we do not remount as we kill the app process
in both cases enabling and disabling an app op since legacy code
is not prepared for dynamic behavior where an operation that failed
may next succeed. Hence, we remount when we start the app.

For modern apps we don't kill the app process on a permission
grant, therefore we synchronously remount the app storage.

bug:22104923

Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c5eadf8d889b7e8901d647502d22a0d0c108d1da 14-Jul-2015 Christopher Tate <ctate@google.com> am 4b9b3e47: Merge "Default browser should not supersede intent filter priorities" into mnc-dev

* commit '4b9b3e4731ffb962daf0f5029450001a8a6e7c00':
Default browser should not supersede intent filter priorities
d13cb798506a1e04d716c6eac41492c5ae95ccc8 14-Jul-2015 Christopher Tate <ctate@google.com> Default browser should not supersede intent filter priorities

Bug 22304850

Change-Id: Ie4deffea2621fdc03a9bfe35690ecd109eed1a04
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b4494b02d5700b4ef4058315d44f17c3d829c0ad 14-Jul-2015 Christopher Tate <ctate@google.com> am 288ecf98: Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev

* commit '288ecf98f14c9eff639b0a3de074d5b4a06eccec':
Prioritize most-recently-enabled link-handling app
72172933d7933ef60dd7b14b33b35e719c0d92f1 14-Jul-2015 Svetoslav <svetoslavganov@google.com> am 56c59d15: Merge "Fix two grant default permissions edge cases." into mnc-dev

* commit '56c59d1550703bc96151dc53bb4b697fda6a6028':
Fix two grant default permissions edge cases.
288ecf98f14c9eff639b0a3de074d5b4a06eccec 14-Jul-2015 Christopher Tate <ctate@google.com> Merge "Prioritize most-recently-enabled link-handling app" into mnc-dev
8b24a1d30fa5d2b80b2b6a37454dcc1e67d0e79d 14-Jul-2015 Svetoslav <svetoslavganov@google.com> Fix two grant default permissions edge cases.

1. When querying for components to which to grant default
permissions we are now getting disabled components as
well as we want such packages to get default pemrissions
on upgrade as disabled components may get reenabled.

2. When resolving activities to whose packages to grant default
permissions we skip the corss-profile and skip-profile filters
as they are set by device policy which should not affect
implicitly default permission grants. Policy has explicit
APIs for permission management.

bug:22405963

Change-Id: Idf56d35e567a6fd6e097cd45988d1561422ee6fc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f0d6cb38c47ee37583034dc3a68238ed13c91742 11-Jul-2015 Christopher Tate <ctate@google.com> Prioritize most-recently-enabled link-handling app

In the case when multiple apps handle a given web-link action,
all of which have been marked as "launch the app instead of a
browser" and so are otherwise ambiguous, always prefer the app
that was most recently placed into the always-handle-links state.

Bug 22051035

Change-Id: I3f43c19b0d7b74e9843445e41971bb5433affb1c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7efb0521ff4af2eeca5c99011ece066848069ffc 14-Jul-2015 Amith Yamasani <yamasani@google.com> am 1578357d: Merge "Check user state after clearing identity." into mnc-dev

* commit '1578357df737296aa151c6934fe7dd749a43ae15':
Check user state after clearing identity.
f463ac6647bce5e88c6329b730b5965029b9f372 14-Jul-2015 Esteban Talavera <etalavera@google.com> am 0ec43f89: Merge "Use correct user when filtering app link candidates" into mnc-dev

* commit '0ec43f89d2fc7064e7b42b40b318bef15fb040b5':
Use correct user when filtering app link candidates
4b1145759b6792151546ddab9bae38adb8a43769 14-Jul-2015 Esteban Talavera <etalavera@google.com> am 22921603: Merge "Don\'t send app links to parent profile if status == never" into mnc-dev

* commit '2292160320f29144f8f8f38bd6936e9f1efb4ae5':
Don't send app links to parent profile if status == never
0fd2d2b124d2aa614131c7b9cedde9d18e830724 14-Jul-2015 Amith Yamasani <yamasani@google.com> am 292eb65f: Merge "Fix new user creation regression due to vold remount calls" into mnc-dev

* commit '292eb65f1ee0747e60899c1b1d0b6cb16c9cd37a':
Fix new user creation regression due to vold remount calls
9e0e69915a2e45dd5ba158e0436571551a672636 13-Jul-2015 Paul Crowley <paulcrowley@google.com> Merge "Use mount service to create user dirs." into mnc-dr-dev
1578357df737296aa151c6934fe7dd749a43ae15 13-Jul-2015 Amith Yamasani <yamasani@google.com> Merge "Check user state after clearing identity." into mnc-dev
0ec43f89d2fc7064e7b42b40b318bef15fb040b5 13-Jul-2015 Esteban Talavera <etalavera@google.com> Merge "Use correct user when filtering app link candidates" into mnc-dev
2292160320f29144f8f8f38bd6936e9f1efb4ae5 13-Jul-2015 Esteban Talavera <etalavera@google.com> Merge "Don't send app links to parent profile if status == never" into mnc-dev
2d42d5f41eefc5550b6750cb86a5324c8f28959f 11-Jul-2015 Amith Yamasani <yamasani@google.com> Check user state after clearing identity.

This is to fix the case where the caller has GRANT_REVOKE_PERMISSIONS
but does not have MANAGE_USERS permission.

Related to a recent fix for
Bug: 22356546

Change-Id: Id51157abad14a0bdba3a16d7cd168f61ba25e890
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
292eb65f1ee0747e60899c1b1d0b6cb16c9cd37a 11-Jul-2015 Amith Yamasani <yamasani@google.com> Merge "Fix new user creation regression due to vold remount calls" into mnc-dev
1af7588da2e1f1621727a0d135cfc85f135ac4f8 10-Jul-2015 Esteban Talavera <etalavera@google.com> Use correct user when filtering app link candidates

Bug: 22288835
Change-Id: I29b3ac04e66b5e93f5cf29fd618b98d1c8106f58
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5a9a85d3d2b13a05ce2cf47511551428843d23b0 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 0bdfb97a: am 88c3918d: am 3ceb043f: am b7cf986e: am 171fe6ac: Merge "Add an API for apps to query if a permisison is denied by policy." into mnc-dev

* commit '0bdfb97a0acb8b40c78b1f40151b334d5401a2d1':
Add an API for apps to query if a permisison is denied by policy.
a17b7f8c4be93d3cc60b75bf4977a98b8d3192d0 10-Jul-2015 Todd Kennedy <toddke@google.com> am 959b5502: am 4c1d9480: am 32eaa610: am 948a3ed9: am d80cf910: Merge "Allow codepath changes for new OTA packages" into mnc-dev

* commit '959b55020d4c47ca7e42bece6cd48ef10c1c1c31':
Allow codepath changes for new OTA packages
171fe6ac0aa5b0d2dd64ac1cdda25cdcb5f183f3 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Add an API for apps to query if a permisison is denied by policy." into mnc-dev
d80cf9109aa6b560e473f0197034085ed9062eaa 10-Jul-2015 Todd Kennedy <toddke@google.com> Merge "Allow codepath changes for new OTA packages" into mnc-dev
bb054c9dcc68d24e1d2ded709b721948b939018c 09-Jul-2015 Amith Yamasani <yamasani@google.com> Fix new user creation regression due to vold remount calls

When creating a new user, there's no need to call into vold when
setting up default system permissions for storage. This was otherwise
adding 2 seconds to the user creation time, causing a frozen screen
before showing "Switching to user ...".

Fix is to call the permission setup code synchronously and not
call into vold if the user hasn't been initialized yet.

Bug: 22356546
Change-Id: I4c8632813e8c0f2ac90da386691af439521bb25a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b42e3e044085e9e25c3936c60fc5869284fe6357 09-Jul-2015 Christopher Tate <ctate@google.com> am d3b8da4b: am be4898f2: am 5548f983: am e6991a13: am 607a040d: Merge "Add a mechanism for products to specify default active app linkages" into mnc-dev

* commit 'd3b8da4b8fb67606bb67287e5c55174e521fb82b':
Add a mechanism for products to specify default active app linkages
3ec12db0f5155be41d60694f0ac3c9284ff29002 09-Jul-2015 Esteban Talavera <etalavera@google.com> Don't send app links to parent profile if status == never

Bug: 22287521
Change-Id: Ic84e57eab74c0e0b89f1b6a3baa54784157fa96b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
056d6b0069561af5dc16b1c38fc8d18bd876b54b 09-Jul-2015 Todd Kennedy <toddke@google.com> Allow codepath changes for new OTA packages

When an OTA contains a new package, the system performs some gymnastics
to ensure that we use the most up-to-date version of the package in
either the system image or user directory. But, during boot, we enforce
a package's codepath will never change. This prevents a user-installed
package from ever overriding the system provide package [regardless of
version]. In this one, specific instance, we allow a package's codepath
to change.

Bug: 22179337
Change-Id: I2c29a87801fb5960ffbd2268231446895ad1868f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bcf48ed2262d655ebf59153dea645ca761b73db5 22-Apr-2015 Paul Crowley <paulcrowley@google.com> Use mount service to create user dirs.

Bug: 19704432

(cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202)

Change-Id: I64a2c85beef115158feed3953deae32f692e750f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7bd71f65417e0fa643d59abd3c3bdebb9cc992f2 09-Jul-2015 Svetoslav <svetoslavganov@google.com> am 122350fc: am 843d7216: am 353835e1: am c88dec32: am 6638c182: Merge "Fix reset permissions on clear data and package uninstall." into mnc-dev

* commit '122350fca781048e0a59260e2bed233b428cf3fd':
Fix reset permissions on clear data and package uninstall.
7acd33bb3ce840a2588567d6feae71bb8b24b35a 09-Jul-2015 Amith Yamasani <yamasani@google.com> am 2cd92043: am d1087e74: am 5b65be96: am 370c27c7: am 705ba960: Merge "Qualify the uid with the userId when granting permissions" into mnc-dev

* commit '2cd92043c70fefb2534a8e26e5283193e8a7ebd1':
Qualify the uid with the userId when granting permissions
ad3b2975574f916c14382628d50c710a78064746 08-Jul-2015 Svet Ganov <svetoslavganov@google.com> Add an API for apps to query if a permisison is denied by policy.

bug:22177216

Change-Id: I32227f55097fae997f33743fd1eee06cb18f47f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
01e186437f7c41b5cf8a97becb22d2f369c374da 08-Jul-2015 Christopher Tate <ctate@google.com> Add a mechanism for products to specify default active app linkages

We now have a new tag type in the existing SystemConfig XML files:

<app-link package="..." />

Packages mentioned here are treated as though the user had instructed
the system to always open the app rather than a browser when touching
an HTTP/HTTPs URL that is handled by the app. This default state can
of course still be turned down by the user if they choose.

Bug 21595872

Change-Id: I2824064a891bba3867ee86f81d609d22e83aef7a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6638c182635c6af036980ebdacc9c88411dcf583 09-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Fix reset permissions on clear data and package uninstall." into mnc-dev
4a5f4a2bc7a379a5b4174f78fefeefe745e6cd37 08-Jul-2015 Svetoslav <svetoslavganov@google.com> Fix reset permissions on clear data and package uninstall.

If the user clears data for an app we reset the permission but
only the changes made by the user. We do not modify syste or
policy flags and also ensure the permission that were granted
by default are granted after the data wipe. This is the same
as starting with a clean slate.

If the package whose data is cleared is a part of a shared user
we resent to initial state only the permissions that the cleared
package contributed. Hence, if another package also declared the
permission as used we do not clear the permission state as it is
still in use.

When a package is deleted for a user but still present for another
user we reset its permissions to their inital state follwoing
above described strategy.

Lastly when a preinstalled package wtih an upgrade is diabled
(triggers upgrade uninstall) and this package is a part of a
shared user, we do not drop permission state (grants and flags)
for permissions used by the shadowed system package. This ensures
that we do not drop runtime permission state (such state is
default grants and user changes).i

bug:22248525

Change-Id: I3a3007476d2cb9f4ff824e1e137a6e1a4d04408b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b53c162102e2a4b3d745fcceb1224cc94860b64 09-Jul-2015 Amith Yamasani <yamasani@google.com> Qualify the uid with the userId when granting permissions

Calls to remountUid() for secondary users was not using the
correct uid. This would prevent providing the required
storage permissions to default apps.

Discovered when investigating bug: 22356546

Change-Id: I98c8f6da724e46331c1c90b95969ca0871ef4fe9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ee94484303ebddbb5eb7cc7efa347240ad641bc7 08-Jul-2015 Dianne Hackborn <hackbod@google.com> am 7b3add61: am f368f6b9: am 6ee8a509: am c55c4a28: am b14dc048: Merge "Add new "preinstalled" permission flag." into mnc-dev

* commit '7b3add61c9e47b708725147dffc23d396db37add':
Add new "preinstalled" permission flag.
4e5dac3d6ef6f28aecb116b8dfd92ff31d49c926 08-Jul-2015 Svetoslav <svetoslavganov@google.com> am 3fd5ebfd: am 7cc8de60: am 0ce19f8e: am 240f8e5f: am 3e07ee07: Merge "Grant installer and verifier install permissions robustly" into mnc-dev

* commit '3fd5ebfd778e540276fb5205a8ba3185e620647d':
Grant installer and verifier install permissions robustly
54c70a6e1e17e0d5be60eb0d4fd0bd7637b5c1b6 08-Jul-2015 Christopher Tate <ctate@google.com> am cf0196d2: am 42e511d6: am a1314983: am 7f25ad62: am 15bb16fb: Merge "App linking: permit overlapping link handling" into mnc-dev

* commit 'cf0196d2d01607e68b9bb573984cb57ab22d58a8':
App linking: permit overlapping link handling
5603e8981cf3a4f7b8590902485bb570d192ccf5 08-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 612da87a: am 0a8ef849: am 00bd16d5: am e719d83c: am dafaa45c: Merge "Split app move into separate copy/delete steps." into mnc-dev

* commit '612da87a609ba5f49969a8eb2ec4b519f964ec5f':
Split app move into separate copy/delete steps.
a90c8def2c6762bc6e5396b78c43e65e4b05079d 08-Jul-2015 Dianne Hackborn <hackbod@google.com> Add new "preinstalled" permission flag.

This allows you to specify that a permission can be granted to
any pre-installed system app (not just privileged ones).

And as long as I am doing this, clean up the old "system" permission
flag, renaming it to "privileged" which is what it really is today,
deprecating the old names. And switch the platform's permission
declarations to use the new name.

Change-Id: Iabf484746af232144786851ec7fe90e3de9dddb2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e07ee078de8e364d6be0b18b2b514e40decdb3c 08-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant installer and verifier install permissions robustly" into mnc-dev
15bb16fb48f523b6b0d8c03cfe5988096341e29d 08-Jul-2015 Christopher Tate <ctate@google.com> Merge "App linking: permit overlapping link handling" into mnc-dev
050aee236509512f7098941946f12e1fbf2ab8ae 02-Jul-2015 Christopher Tate <ctate@google.com> App linking: permit overlapping link handling

Allow multiple apps to be enabled as link handlers even their set of
accepted domains overlaps. Also, allow app linking to be turned on
even for unverified apps if the user wishes.

Bug 21817604

Change-Id: I8bc7f1764318e5d4bb6ce93c66483fe07e922b1d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e7d977ff7c743713f0ad6336a039d7760ba47d1 07-Jul-2015 Svetoslav <svetoslavganov@google.com> Grant installer and verifier install permissions robustly

bug:22248271

Change-Id: I3a47ae9a112ba7d88b421fcb5f9651d1168ba7a5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6b7bb60457501ff4110933c3e9b66446eb4f7b19 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Split app move into separate copy/delete steps.

App movement now has three distinct stages: copying, scanning, and
cleanup. Previously, a battery pull late in the move process would
end up with packages.xml pointing at the old location which had been
torn down. Now, we update packages.xml to point at the new location
as the "source of truth" before we start deleting the old location.

Bug: 21831336
Change-Id: I6f57f37a8cb335127db9ebb7c6b6cfe5755ada99
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e35360d806d0858229ec8dde4929da0bdb93e7d3 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 67804838: am ccde254c: am 0cae3e9e: am 7dfe0f83: am 7fd3c296: Merge "Permission to view shared storage for all users." into mnc-dev

* commit '67804838150fc85efb1bd27cc68422197976fe3f':
Permission to view shared storage for all users.
3bb8c854189591fcee16d2a6854fae862b02d1e8 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge commit '1db64c19' into merge3

Change-Id: I0aea6817876a5820a7d67a4de5bef0f86ce702a2
1d0032e6c604cadcff65599f36ce84c0b8a99eda 06-Jul-2015 Dianne Hackborn <hackbod@google.com> am 5f2653ab: am 65b228a0: am d45c7633: am 1a053eaf: am dcd96ead: Merge "Maybe fix issue #22283836 -- package manager NPE." into mnc-dev

* commit '5f2653ab0bad4f4956f419f2b594acc7fdf9ecac':
Maybe fix issue #22283836 -- package manager NPE.
7fd3c296f1991e321e4c69a5e7f918cc3d252625 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Permission to view shared storage for all users." into mnc-dev
38cae6c8bcb86236b21d69f852473351c0c1d82a 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge "Reconcile private volumes when mounted." into mnc-dev
32e80d7588720bdc9f8a3e961ac4566d7c80b2b9 06-Jul-2015 Jeff Sharkey <jsharkey@android.com> Permission to view shared storage for all users.

Typical apps are restricted so they can only view shared storage
belonging to the user they're running as. However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps. Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dcd96ead8457466fb3dfb5978eb1e7e5b560ba91 06-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Maybe fix issue #22283836 -- package manager NPE." into mnc-dev
167d588b8b312882262fad4c7a2ae496b270caba 06-Jul-2015 Dianne Hackborn <hackbod@google.com> Maybe fix issue #22283836 -- package manager NPE.

Change-Id: I0383b9a4f1e0b872b3b427e6ad42fd8aa309b7ab
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> Reconcile private volumes when mounted.

Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e8ce8368fc65c3f5c54c44384be62cf228ceb10e 04-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 55cd6f44: am 6fe87a56: am 68ffcf88: Merge "Teach receivers, activities, providers, and services app ops." into mnc-dev

* commit '55cd6f44fd1e49164a999e948bb91a03a3b9daf6':
Teach receivers, activities, providers, and services app ops.
7e07288c7720001542182a4a70a5395015bcff1c 04-Jul-2015 Dianne Hackborn <hackbod@google.com> am 0783b9a4: am ee987ce4: am 76664d9d: Merge "Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW..." into mnc-dev

* commit '0783b9a47ae682cc85a14284e79643b5087b8c9f':
Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW...
91f0cf89f57a19e03b1c229983554644f72257dc 04-Jul-2015 Christopher Tate <ctate@google.com> am 31e5695b: am 0756cf70: am 61d7acae: Merge "Clear default browser setting when a new browser app is installed" into mnc-dev

* commit '31e5695b6ed5472e0ecd4c10cccaf81d2e4a9242':
Clear default browser setting when a new browser app is installed
279a9a3131635fe84d33231711f40daaa798ae26 04-Jul-2015 Svetoslav <svetoslavganov@google.com> am 90336427: am 56ef372f: am 29563632: Merge "Grant permissions to headless system calendar/contacts sync adapters." into mnc-dev

* commit '90336427fd1fc85e15a43ce36a26576013061d91':
Grant permissions to headless system calendar/contacts sync adapters.
9484b08f5794cb4da1d4bfbcef76a807e0c679c1 04-Jul-2015 Svet Ganov <svetoslavganov@google.com> am fd07652c: am a8522a65: am abbdc864: Merge "Clear binder identity when grantint permisisons to carrier apps" into mnc-dev

* commit 'fd07652c08a50d67dacd5d6212b2953ca4c03de2':
Clear binder identity when grantint permisisons to carrier apps
68ffcf883c15b97d28e36c684d0db3da084727fc 02-Jul-2015 Svet Ganov <svetoslavganov@google.com> Merge "Teach receivers, activities, providers, and services app ops." into mnc-dev
99b6043dad9d215cf15810b885b6b8c215dd5b5a 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> Teach receivers, activities, providers, and services app ops.

Perform app op check in addition to the permisison check for all four
paltform components - activities, content providers, broadcast receivers,
services - if they are guarded by a permssion that has an associated app
op. This ensures that legacy apps will behave correctly if the permission
of the caller has been revoked, i.e. the app op for that permission was
disabled.

bug:22199666

Change-Id: Ia22d1c38d58b3cd6aabdc655cb7c7bddd85da7a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
76664d9dcfbbe04c50a00ea1e268e80b9a9f6087 02-Jul-2015 Dianne Hackborn <hackbod@google.com> Merge "Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW..." into mnc-dev
61d7acae0cafc265e94a35ad3ba1677f60346de9 01-Jul-2015 Christopher Tate <ctate@google.com> Merge "Clear default browser setting when a new browser app is installed" into mnc-dev
7841eb899561af3b122a5143cdcfe64c0766a5f5 01-Jul-2015 Christopher Tate <ctate@google.com> Clear default browser setting when a new browser app is installed

Even if you have explicitly named a default browser app, when you
add a new browser app to the system it now assumes that perhaps you
might want that to be the new default, so it puts you into the
explicit ambiguity state.

Also fix a bug in the factory-default-browser handling; it was not
examining the set of available browsers.

Bug 22120412

Change-Id: I183ed87a51be1e4aa65457f05b98e406bb7b495d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
de15edaa9bf486a4050bb067317d313fd807bb10 01-Jul-2015 Dianne Hackborn <hackbod@google.com> Work on issue #21589105: Scope WRITE_SETTINGS and SYSTEM_ALERT_WINDOW...

...to an explicit toggle to enable in Settings

Add a new permission flag, saying the permission can be automatically
granted to pre-api-23 apps. Apply this to SYSTEM_ALERT_WINDOW.

Change-Id: I24a0ceabe7e9f5e458a864d30eda2696ad14a699
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2956363244ecb61f48729d93b510ffadac591cae 01-Jul-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant permissions to headless system calendar/contacts sync adapters." into mnc-dev
ca58d80f413417aa98eb424c76dd8fe97af12763 01-Jul-2015 Svet Ganov <svetoslavganov@google.com> Clear binder identity when grantint permisisons to carrier apps

bug:22204562

Change-Id: I79dc2e102d227c991adc849e1cbda8572ee14905
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0010b70beae6fafd3faf06e1b02291f59f9f85db 01-Jul-2015 Svetoslav <svetoslavganov@google.com> Grant permissions to headless system calendar/contacts sync adapters.

bug:21861781

Change-Id: I5f9905a23ba1b23e387adf2cea842172d34207b0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
90a6bb5da207577bc24c2d20f518422214e9213c 01-Jul-2015 Svet Ganov <svetoslavganov@google.com> am 87922ed1: am cf8ec275: am 1aaad610: Merge "Do not hold a lock when calling API to grant default permissions" into mnc-dev

* commit '87922ed1d3dc527d1f9a9ec00fe58549c305ac0f':
Do not hold a lock when calling API to grant default permissions
06324ed4c6017d5343b9e0bba13472e32a2815f5 30-Jun-2015 Svet Ganov <svetoslavganov@google.com> Do not hold a lock when calling API to grant default permissions

bug:22186491

Change-Id: Id0a468423048938a91598629c4921090ec082853
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ee4e4e79f59a808c4c13db8281ac895047ea199a 30-Jun-2015 Svetoslav <svetoslavganov@google.com> am 358a8362: am ae45cfa6: am 03b5f128: Merge "Grant default permissons to the default SMS, Phone, Browser app." into mnc-dev

* commit '358a8362781736a8ddaa27713a0727d4eac1cfd0':
Grant default permissons to the default SMS, Phone, Browser app.
03b5f128dbc375c1a28468773f39e85a5f70fc9a 30-Jun-2015 Svetoslav <svetoslavganov@google.com> Merge "Grant default permissons to the default SMS, Phone, Browser app." into mnc-dev
cdfd230a392d0f0557a3a5bada221b7a05113392 26-Jun-2015 Svetoslav <svetoslavganov@google.com> Grant default permissons to the default SMS, Phone, Browser app.

The default SMS, Phone, Browser are selected in the UI and we
grant default permissions to these. We do this regardless if
they are on the system image as the user has made an explicit
choice in the UI and the permission we grant are considered
essential for such type of a core app to operate properly.

bug:22104986

Change-Id: Ide8caeb524b43dde11a20460666cf34c4d35f84b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f37bd39217177fc2d49b07a9d1b2821d3177e80 29-Jun-2015 Nicolas Prevot <nprevot@google.com> am d1d1a700: am 64c0c4da: am 6fd49936: Merge "Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING" into mnc-dev

* commit 'd1d1a700501242cca06b5729c2bd888d6f2d4d52':
Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING
6fd49936ae6b145cb2a9fe8b9ff75dcd79632daa 29-Jun-2015 Nicolas Prevot <nprevot@google.com> Merge "Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING" into mnc-dev
7257462a7323234b453c14406724319e3bd75c7a 27-Jun-2015 Christopher Tate <ctate@google.com> am de3d02e4: am e436e19e: am b035c6d9: Merge "Properly scope the "only http/https schemes" intent filter semantics" into mnc-dev

* commit 'de3d02e4c3057c8ab7e40c0592dc2e94f0b42e64':
Properly scope the "only http/https schemes" intent filter semantics
b035c6d9a6827510e6ee3f855827cf6e428adb22 27-Jun-2015 Christopher Tate <ctate@google.com> Merge "Properly scope the "only http/https schemes" intent filter semantics" into mnc-dev
2134744efd305a875b7baa5073358387c479e3e4 27-Jun-2015 Christopher Tate <ctate@google.com> Properly scope the "only http/https schemes" intent filter semantics

That restriction applies only to default-app linkage verification, and
not to any general questions of "is this app effectively a web browser?"

Bug 21688029

Change-Id: I9f6a7bc6dcac5e12ee07f8da6465ad51c1aeddfb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8883d72201cd1e64ce94dfad9e60197770b6287e 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> am 0a5fa7e4: am cf14b8ba: am 143e118f: Merge "Make grant default permission more robust." into mnc-dev

* commit '0a5fa7e410055024eeae2d04c8d58b6dfddef295':
Make grant default permission more robust.
143e118fa90bbeb8cf558ec0d303639d15ee7db7 27-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Make grant default permission more robust." into mnc-dev
ba3ba81eb8756641ae0079ae9da2779cc22aeb89 26-Jun-2015 Svet Ganov <svetoslavganov@google.com> Make grant default permission more robust.

Change-Id: If492ee3305774419671bbdb72b438c8e540005e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5381a5b3e1f16031a0525a3bb35f93ebd0f4ed2 26-Jun-2015 Christopher Tate <ctate@google.com> am cba354bf: am 5995f059: am 1c3b7a6d: Merge "Use a framework resource to name a factory-default browser app" into mnc-dev

* commit 'cba354bfe46793985d305281735ce91328fd3e13':
Use a framework resource to name a factory-default browser app
1c3b7a6de6593c8a1c01ce48e04dda7e11471288 26-Jun-2015 Christopher Tate <ctate@google.com> Merge "Use a framework resource to name a factory-default browser app" into mnc-dev
1b96b1302671b9361cf7c7453a2ed2e5a079f4a0 26-Jun-2015 Dianne Hackborn <hackbod@google.com> am fb46261c: am a5de0eb5: am 7c5b5f71: Merge "Fix issue #22023824: Download folder is not created in internal storage" into mnc-dev

* commit 'fb46261c1eb015896d201a0275b41c3ebae11d02':
Fix issue #22023824: Download folder is not created in internal storage
db3fe819902f2bea08746c3e3ea55a9a55e3bac5 25-Jun-2015 Christopher Tate <ctate@google.com> Use a framework resource to name a factory-default browser app

If there is no resource-named default but there is a single factory-
installed browser app, that app is made the titular default.

This also introduces a permission guard on attempts to set the
default browser or the app-link state. These operations are now
contingent on the existing SET_PREFERRED_APPLICATIONS permission.

Bug 21778406

Change-Id: Id099bb9c4141f28917546492657cd2fba472e6b6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca8e6da41c6e63e3ed17eb461171f1ef2e1d29c6 25-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #22023824: Download folder is not created in internal storage

The media provider and some other things need to be given storage access.

Also, seems like we should give storage access to the camera app as well.

And add a dump dump command that will dump data about a particular
permission name.

Change-Id: Idaaa9bba2ff4dc95290cf6d17e5df933df91e909
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aedb56fd18487d7a34b8ea9f09e4a717afa75a1e 26-Jun-2015 Jeff Sharkey <jsharkey@android.com> Merge commit 'b02c73d5' into manualmerge

Change-Id: I3ec37c9d45d685c2393087bdefa6ab512cc70062
9527b223a9d4a4d149bb005afc77148dbeeff785 25-Jun-2015 Jeff Sharkey <jsharkey@android.com> Let's reinvent storage, yet again!

Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.

The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:

/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access

There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.

During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.

Bug: 21858077
Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f0029c1ddb2875583e62c6a3f96d288e21f2efe2 25-Jun-2015 Nicolas Prevot <nprevot@google.com> Rename ALLOW_PARENT_APP_LINKING to ALLOW_PARENT_PROFILE_APP_LINKING

Also improve the javadoc.

BUG:21701782
Change-Id: I88a75ccfa71b0d5df2f4779987cf0fff56001fd3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0b9b7c505a529f7c6fa3eaf19b845104ebf695a0 25-Jun-2015 Yusuke Sato <yusukes@google.com> Merge "Initialize NativeLibraryHelper.Handle with |pkg|"
390a2080abc2bde5332c027638f5457db42df38c 25-Jun-2015 Yusuke Sato <yusukes@google.com> Initialize NativeLibraryHelper.Handle with |pkg|

to not parse the same apk file again in NativeLibraryHelper.
This will make derivePackageAbi() 2.5x faster. Previously,
derivePackageAbi() took ~330ms to process ~100 system packages
on volantis-userdebug. With this CL, it takes about ~130ms.

Bug: 22063656
Change-Id: I56d7af0ece3030247e2552c34a1007e79279988c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
46b9d3cf44cebaa0128f6f6ce8baeb1895af7893 24-Jun-2015 Christopher Tate <ctate@google.com> am 425bd876: am d1741ef9: am 1af5fe23: Merge "Require that verified intent filters only have http/https <data> decls" into mnc-dev

* commit '425bd87661e318d715458fdfa5de440a2474d437':
Require that verified intent filters only have http/https <data> decls
413020a6ca6e7d4eb7e61e3fe7d7a4c570a605db 24-Jun-2015 Christopher Tate <ctate@google.com> Require that verified intent filters only have http/https <data> decls

It is malformed to write a single intent filter like this:

<intent-filter android:autoVerify="true">
<data android:host="foo.example"
android:path="/"
android:scheme="http" />
<data android:host="*"
android:path="/custom"
android:scheme="fooexamplecustomscheme" />
</intent-filter>

In practice this app is accidentally defining a filter that will match
"http://*". This is now detected, and will never be auto-verified for
any of the mentioned domains.

Verified intent filters must *only* handle the http & https schemes.

Bug 21920537

Change-Id: I933cddbea23185d242565cac940e1e7a7e4e289b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
54b6b3c82bfae75b5562b4ed86441392e3265aaa 24-Jun-2015 Todd Kennedy <toddke@google.com> am 97ea7af9: am 126b5875: am c6040826: Merge "Skip upgrade keys for adopted storage" into mnc-dev

* commit '97ea7af996c5209c9e2ec594b24df71aa1e47415':
Skip upgrade keys for adopted storage
c6486e08fd4041acd04938905485e924dcd18ed1 24-Jun-2015 oleksii stepanian <aste@google.com> am 08502957: am 3285efc0: am e6953913: Merge "Send installerUid for verification when using PackageInstaller." into mnc-dev

* commit '08502957b8bb9743f618a7b65a901c552b44061f':
Send installerUid for verification when using PackageInstaller.
43469fd4a4e0d7b2fd387f74c0c7f23296553b23 24-Jun-2015 Jeff Davidson <jpd@google.com> resolved conflicts for merge of 8685db85 to master

Change-Id: I8fbf397082ac90d6a173785538fd6eeb8e4976f7
c60408264c7fe19d2f1f3550556f7e6bc1ca716d 23-Jun-2015 Todd Kennedy <toddke@google.com> Merge "Skip upgrade keys for adopted storage" into mnc-dev
1d69d48596dae3c3e365182aa13acbd56b106b2e 23-Jun-2015 Amith Yamasani <yamasani@google.com> am ab8d7e31: am af259ee4: am 862ab87b: Merge "Runtime permissions cannot be set on legacy apps by device policy" into mnc-dev

* commit 'ab8d7e31fb1b6526479844111b177be81a54a31c':
Runtime permissions cannot be set on legacy apps by device policy
e6953913536155a5d1f78d184e67a74f9acbe1c1 23-Jun-2015 oleksii stepanian <aste@google.com> Merge "Send installerUid for verification when using PackageInstaller." into mnc-dev
8d9ad19341e19256651ef86274a4382f2c09b279 23-Jun-2015 Jeff Davidson <jpd@google.com> Merge "Default permissions for carrier apps." into mnc-dev
0bf8f7cc3982164a9e11ea4a25ed930e466f1dd8 22-Jun-2015 Amith Yamasani <yamasani@google.com> Runtime permissions cannot be set on legacy apps by device policy

Clarify docs that runtime permissions can be granted or revoked by
a profile owner/device owner only for MNC apps and not legacy apps.

Check the targetSdkVersion and return false if legacy app.

Remove all policy flags from permissions when cleaning up
a device or profile owner.

Bug: 21835304
Bug: 21889278
Change-Id: I4271394737990983449048d112a1830f9d0f2d78
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c293d3ad1a4fbbf616d4dfb041eb9cbf45262b45 22-Jun-2015 Todd Kennedy <toddke@google.com> Skip upgrade keys for adopted storage

Define a new scan flag to control whether or not we're performing
an initial scan for packages. On internal storage, an intial
scan occurs during every boot. For adopted storage, an intial scan
occurs immediately after the adopted volume is mounted or whenever
an application is moved.

Bug: 21815906
Change-Id: Ieda9668230597346bce9ee25ecfa204f931bcef6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2a880312086147577e1e814bda6985fa97fb343b 23-Jun-2015 Jeff Davidson <jpd@google.com> Default permissions for carrier apps.

Grant permissions in the PHONE and LOCATION buckets to default carrier
apps as defined by the telephony stack. Provide a system API to grant
default permissions for carrier apps, as the set of apps may change
when a new SIM is inserted.

Since the phone process is separate from the system process, we need
to allow for binder calls to these APIs.

Also fix a log tag that is too long (android.util.Log drops messages
silently if the tag is > 23 characters).

Bug: 21696731
Change-Id: I98ca0c49c69f621f835ba57c1fd0505f2cec0d0d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
af6052f5464844ba6242a514cdaacc7e259f190b 23-Jun-2015 Christopher Tate <ctate@google.com> am 309499e0: am a116123f: am 6d2268a5: Merge "Back up / restore default app and intent filter verification state" into mnc-dev

* commit '309499e0cd138d30d340460d6c99ecb8292717d1':
Back up / restore default app and intent filter verification state
9a0f9682a91e4000de50c2ced20506516af28342 23-Jun-2015 Nicolas Prevot <nprevot@google.com> am 69042609: am 2e70cf73: am 3ab6f9e6: Merge "Allow cross-profile app linking from work to personal." into mnc-dev

* commit '6904260904176c67f200654d48fd8046c63011f4':
Allow cross-profile app linking from work to personal.
3f4c7e3f7ed4f2a3077993ebf545c2790ace246c 23-Jun-2015 oleksii stepanian <aste@google.com> Send installerUid for verification when using PackageInstaller.

PackageManagerService when used by PackageInstaller
(installStage) does not send calling installer process id.
As a result Play Store application always triggers verification
of packages that are installed.
This causes unnecessary work on the UI thread for each new
install/update.

Bug: 22014920
Change-Id: I8cc9ba7b6fcbe26ee709a5dda284e6cdd11071f1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d2268a57603e1c60329b93fb853ac2c134cb932 23-Jun-2015 Christopher Tate <ctate@google.com> Merge "Back up / restore default app and intent filter verification state" into mnc-dev
6038d15cbc7f4648ceaadf5f15d1928c4899f98e 17-Jun-2015 Christopher Tate <ctate@google.com> Back up / restore default app and intent filter verification state

For apps not present on device, the state inherited from the ancestral
device is applied when the app is ultimately installed.

Bug 20144515

Change-Id: Ie05b4f1751357fc62f14e259da174b8cf465e913
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3ab6f9e691fac6eeea1af8fb35bd4c41cdd692ca 23-Jun-2015 Nicolas Prevot <nprevot@google.com> Merge "Allow cross-profile app linking from work to personal." into mnc-dev
b7f6342b745b94f29d5add1d41eebfdab5448ce3 22-Jun-2015 oleksii stepanian <aste@google.com> am c80a2322: am 0acee36b: am 2bd8e97f: Merge "Fix race condition in PackageManager." into mnc-dev

* commit 'c80a2322b68d23c62fdc45634029d6e0c7799e12':
Fix race condition in PackageManager.
9edbda18df025527e18614cf0c45d538a27af30f 17-Jun-2015 Nicolas Prevot <nprevot@google.com> Allow cross-profile app linking from work to personal.

If the profile owner sets ALLOW_PARENT_APP_LINKING:

ACTION_VIEW, scheme http/https intents sent from the work profile
can be resolved by personal apps if they specify a host.

BUG:21701782
Change-Id: I372e2405345539eac9d6b4fb08def6bf84da14a6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2bd8e97f996bba0b52ed213f4feb4f367fe019c2 22-Jun-2015 oleksii stepanian <aste@google.com> Merge "Fix race condition in PackageManager." into mnc-dev
5c361fc3c219b6999f1208fbc9e6414b87ed7a18 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> am 4c07f7b5: am 5121345d: am 0f800f7c: Ensure default permissions not dropped on data wipe

* commit '4c07f7b55b3135f8c0066e48195033be3ef6d75e':
Ensure default permissions not dropped on data wipe
0f800f7c163383ce3a49cc99bc2d8097f8961bde 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Ensure default permissions not dropped on data wipe

bug:21954760

Change-Id: I15de766012e66e171d2089af574687ad513a5d57
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
58498249b68c3bdb1aac7cc99ef55afda94d8a70 20-Jun-2015 Svetoslav <svetoslavganov@google.com> am 635ace07: am 3adcfab7: am 2fbe248c: Merge "Grant default permissions if perms reset on upgrade." into mnc-dev

* commit '635ace07294ea2508fdd3ba4194e8d6b377c2031':
Grant default permissions if perms reset on upgrade.
971e091d523925c42c7f9e670d68c9b55d60ede0 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> am 27479b57: am f5da7202: am 1e575a0f: Merge "Only grant runtime permissions to special components." into mnc-dev

* commit '27479b5752bcb06853ef5ada1813dc139efb7dd0':
Only grant runtime permissions to special components.
f9f75771cc28035525520128e8a74c898c43e12a 20-Jun-2015 Svetoslav <svetoslavganov@google.com> Grant default permissions if perms reset on upgrade.

Change-Id: I371e8eb42dc8e8953a184d29cc2a3bd2c361097e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
161bd9aae46088cb62e78af428ef9f2b1172c0dc 20-Jun-2015 oleksii stepanian <aste@google.com> Fix race condition in PackageManager.

When Google Play installs 2 apps concurrently (e.g.
personal and work profile) PackageManager can hit a
race condition when connection to media container has
not yet been established but the MCS_BOUND event is
triggered from MCS_UNBIND.

Detailed step by step scenario:
1. package1 comes in
2. INIT_COPY (initiate bind, add pending install)
3. onServiceConnected triggers (MSC_BOUND)
4. MSC_BOUND, process pending package and schedule MSC_UNBIND
5. MSC_UNBIND is triggered once the package is verified
6. service is diconnected
7. package2 comes in
8. INIT_COPY (initiate bind, add pending install)
9. MSC_UNBIND scheduled at step 4
10. MSC_UNBIND sees that there is a pending package,
schedules MSC_BIND
11. MSC_BIND arrives before service is connected and we fail.

Solution: do not fail if we wait for connection.

Bug: 21849046
Change-Id: I39928e1efc81ba64e45c622cc08cb786801d6569
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1e575a0f32a00fc6a2f9a71fe1d1eb4426c71787 20-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Only grant runtime permissions to special components." into mnc-dev
adc1cf46045ae756d3a9ccbccf6b0f894e4c1edd 16-Jun-2015 Svet Ganov <svetoslavganov@google.com> Only grant runtime permissions to special components.

Now runtime permissions are granted only to components that are
part of the system or perform special system operations. For
exmple, the shell UID gets its runtime permissions granted by
default and the default phone app gets the phone permissions
granted by default.

bug:21764803

Change-Id: If8b8cadbd1980ffe7a6fc15bbb5f54a425f6e8f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
83cea22436672551a6af972eb3b1ad28f7f0dfda 19-Jun-2015 Tony Mak <tonymak@google.com> am 8ffdc048: am 2cb9edf5: am 92dfab8d: Merge "Clear granted permission when app is uninstalled by one of the multiple users" into mnc-dev

* commit '8ffdc048f8ec3ef683564c77340f5330e5ad6383':
Clear granted permission when app is uninstalled by one of the multiple users
8e33f63040db4f8326c1bf678645a42ab79c32f3 19-Jun-2015 Tony Mak <tonymak@google.com> Clear granted permission when app is uninstalled by one of the multiple users

Bug: 21838358

Change-Id: Iccd46382c9468d0503da0bb49a49040ae712e2cc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eb6195c7a2b59d11ff934ead59b2ff7201769502 19-Jun-2015 Sudheer Shanka <sudheersai@google.com> am eaa25779: am a0fa30dc: am a408061c: Merge "Use the intent filter icon in ResolveInfo for managed profile." into mnc-dev

* commit 'eaa2577953eeff27754f6707ac0efa11b77ed947':
Use the intent filter icon in ResolveInfo for managed profile.
6e4019be4b167d5c2d486a2855cefdaffb52709a 19-Jun-2015 Christopher Tate <ctate@google.com> am f45835bf: am 92f8cff8: am 3233a0a6: Merge "Don\'t always dump domain/preferred state" into mnc-dev

* commit 'f45835bf149aecaa169d2ff6a713371831aa8bb1':
Don't always dump domain/preferred state
84406c6899420ec98e5a41f502c13172766ecd6b 19-Jun-2015 Fyodor Kupolov <fkupolov@google.com> am d171cabc: am 01caa29a: am e5bce22d: Merge "Defer writes to runtime-permissions.xml" into mnc-dev

* commit 'd171cabc2c5c132547e20b30928df95876e9217f':
Defer writes to runtime-permissions.xml
9b3890b8dcf18fed6705e0c84fd8cc5fbfe1882d 19-Jun-2015 Jeff Sharkey <jsharkey@android.com> am 282bbbc4: am e5ab13b6: am c8a49a2b: Merge "Write packages.list when granting permissions." into mnc-dev

* commit '282bbbc4358f4e18c7da60397a6f939173048d55':
Write packages.list when granting permissions.
a408061cc7b5efaf090ce9efd5fd0ba1d95e9c11 19-Jun-2015 Sudheer Shanka <sudheersai@google.com> Merge "Use the intent filter icon in ResolveInfo for managed profile." into mnc-dev
3233a0a65c8bd2acce4b8fdfe6ce8e6c20b9a24d 19-Jun-2015 Christopher Tate <ctate@google.com> Merge "Don't always dump domain/preferred state" into mnc-dev
9c896ab226c53020b8495e9d2d6f520a0eb887cb 19-Jun-2015 Christopher Tate <ctate@google.com> Don't always dump domain/preferred state

Change-Id: Ie0431b6c3cb1a9f372a142637359c42b182d4b1b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5bce22dc098d5da9ff573f4aac812272de3c0af 19-Jun-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Defer writes to runtime-permissions.xml" into mnc-dev
c8a49a2b95d6ed182cbc966676d17f98e1ccd816 19-Jun-2015 Jeff Sharkey <jsharkey@android.com> Merge "Write packages.list when granting permissions." into mnc-dev
b43ec54c23cdb1af88812c5221b62b6218a35b09 19-Jun-2015 Jeff Sharkey <jsharkey@android.com> Write packages.list when granting permissions.

Some permissions have the side effect of adding GIDs right now,
so we need to flush out packages.list.

Bug: 21874693
Change-Id: Ia4398c9f84cf7f151248f821b3fa2c12bdf91b80
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
22afc5469efb924dea20902e3618735691e14f4a 18-Jun-2015 Dianne Hackborn <hackbod@google.com> am 2133afc7: am d21b695f: am 22433a33: Merge "Fix issue #21814207 and issue #21814212 (alarm manager)" into mnc-dev

* commit '2133afc77aa36f186b9e5c0ff9954d0d26848e3e':
Fix issue #21814207 and issue #21814212 (alarm manager)
a750a63d639f6936af456df904fa6b9ba941885e 17-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #21814207 and issue #21814212 (alarm manager)

Issue #21814207: AlarmManager.setAndAllowWhileIdle should also allow wake locks.

Introduce a whole new infrastructure for providing options when
sending broadcasts, much like ActivityOptions. There is a single
option right now, asking the activity manager to apply a tempory
whitelist to each receiver of the broadcast.

Issue #21814212: Need to allow configuration of alarm manager parameters

The various alarm manager timing configurations are not modifiable
through settings, much like DeviceIdleController. Also did a few
tweaks in the existing DeviceIdleController impl.

Change-Id: Ifd01013185acc4de668617b1e46e78e30ebed041
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
13ae6679e1d68263f9196de1bcf7cf16c0f6599f 17-Jun-2015 dcashman <dcashman@google.com> am daccbc0a: am 1208e343: am 2f902959: Merge "Make keysetmgrservice gurantees explicit." into mnc-dev

* commit 'daccbc0a3c34808d5818f2e754b60731c803a14c':
Make keysetmgrservice gurantees explicit.
2f902959245f1cae57827025b8711a059faaf782 16-Jun-2015 dcashman <dcashman@google.com> Merge "Make keysetmgrservice gurantees explicit." into mnc-dev
3c13a2a5bc452777a785c1de74fff56a7cde9cdb 16-Jun-2015 Fyodor Kupolov <fkupolov@google.com> Defer writes to runtime-permissions.xml

In grantPermissionsLPw, use async version of writeRuntimePermissionsForUserLPr
to defer writes to runtime-permissions.xml.

Change-Id: I9dcae74199d26b6a988e35dff97b038d435e1e16
Bug: 21849928
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00c06628286ad4a86d421ed7c4708b83f595e234 16-Jun-2015 Christopher Tate <ctate@google.com> am 0375282a: am 73f2f66a: am 60177af8: Merge "Clean up app-link verification policy" into mnc-dev

* commit '0375282aa24c9045ce88c24fdda0f8b39d122e0b':
Clean up app-link verification policy
87f794f0bf8b53d6c983968f398c4bde4cb6a014 03-Jun-2015 dcashman <dcashman@google.com> Make keysetmgrservice gurantees explicit.

Add exceptions/checks for keysetmgrservice interractions which *should* never
happen, but would result in NPE or invalid metadata. Also handle mismatches
between package and keyset metadata in packages.xml.

Bug: 20128916
Change-Id: Ia0f63f78d232d9d8d9fbe4cd8e6cc3406e5192a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
72c10a25f0b91bac8d50ec512d37d516ece7c9d5 13-Jun-2015 Christopher Tate <ctate@google.com> Clean up app-link verification policy

If an app claims to be the official auto-verified app for any domain
and thus the automatic handler for ACTION_VIEW / {http,https}://...
intents naming that domain, then we require that it verify as the
official app for *all* domains it purports to handle, even if the
other domains are not flagged for verify.

Bug 21335460

Change-Id: I3fdd8620defa31aea36ce738fa63ac94fc53c5f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c7abf0fd67bae8b9c564d7b7afdce79886da5e4f 15-Jun-2015 Christopher Tate <ctate@google.com> am 6e416059: am ee5b89ac: am f63655e4: Merge "Use HTTPS when fetching app link verification resources" into mnc-dev

* commit '6e41605982d4d658e1588a3bd4240e039d8f9454':
Use HTTPS when fetching app link verification resources
f63655e49fcccd922e8d5f61c67f58bd4a361211 15-Jun-2015 Christopher Tate <ctate@google.com> Merge "Use HTTPS when fetching app link verification resources" into mnc-dev
7dd20eb501adbfd9a51dccbb195f93aee64e109e 14-Jun-2015 Svet Ganov <svetoslavganov@google.com> am ab47ce05: am d0fe86b5: am a5c852e0: Merge "Clear runtime permissions on package data reset." into mnc-dev

* commit 'ab47ce059f806f282c565059a745f662c943d8e3':
Clear runtime permissions on package data reset.
a5c852e03abb9372a6928271a930d7d79e4ec45e 14-Jun-2015 Svet Ganov <svetoslavganov@google.com> Merge "Clear runtime permissions on package data reset." into mnc-dev
2a30be19006ede27ee524da89b6c4a1b551b1d76 14-Jun-2015 Svet Ganov <svetoslavganov@google.com> Clear runtime permissions on package data reset.

bug:21817488

Change-Id: I7c51fee5206e3bcb79951f237a71862f0752a709
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e152699d90cc309e72383e964cd70b7448e7f366 13-Jun-2015 dcashman <dcashman@google.com> am 2eb24eb1: am 5bcf8d9d: am 1a3048f3: Merge "Don\'t use upgrade-key-sets check when scanning during boot." into mnc-dev

* commit '2eb24eb1fce4ab7c7ae022275d66a3391a57866f':
Don't use upgrade-key-sets check when scanning during boot.
3c458636494f28685146060e1252f52fe43ed38a 12-Jun-2015 Christopher Tate <ctate@google.com> Use HTTPS when fetching app link verification resources

Bug 20016932

Change-Id: I30b4e052795551f3048b3adf29cd89ec0501fce8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
465ef5c43940e31ff4479175e51793c63a0e05ab 12-Jun-2015 dcashman <dcashman@google.com> Don't use upgrade-key-sets check when scanning during boot.

Apps may specify upgrade-key-sets which are different than their current signing
keys to prevent a future upgrade with the current set of keys. Every package is
re-scanned on boot, however, so the existing application would violate its own
recorded upgrade-key-sets. Change the key verification check to ignore
upgrade-key-sets on boot. Also default to the same-sig checks if the
upgrade-key-set meta-data has been corrupted.

Bug: 21785716
Change-Id: I5c0c1e2017ec780a745a74488620bfe95b052269
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4c7ce67197d43eb2831707898ef8f0e8d2e4fe51 05-Mar-2015 Alan Treadway <alantreadway@google.com> Fix test execution documentation in PackageManagerService.

Change-Id: Ie38c0a353e0c9d2ada6d39257083b14b60552630
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75a0ee081fa31b75649e164a8bf79a23a3ebd060 11-Jun-2015 Svetoslav <svetoslavganov@google.com> Merge "Add system API to watch for permission changes" into mnc-dev
f7c06eb03ab4479b9d0656a23a4733d17e995183 11-Jun-2015 Svetoslav <svetoslavganov@google.com> Add system API to watch for permission changes

Change-Id: I1ce450a59fb326c14848f46732d877dea33f33c7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7cbe9f03a968ef42840d234ea325b69f4b1f1417 10-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Merge "Fix abi-detection for 32-bit system apps" into mnc-dev
44a2d978d13e2370bdb057c08faede145f937c70 10-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Fix abi-detection for 32-bit system apps

Some system apps are still special and use symlinks
to /system/lib. For these apps we try to detect abi
based on directory structure if detecting abi the
regular way was failed.

Bug: 21668152
Bug: 21711506
Change-Id: Ic048e5f4c24d06ca2cb917d7a061a41bde597e9f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab4bb9d1fec685dab0fce9232c9a3477fab356b3 06-Jun-2015 Dianne Hackborn <hackbod@google.com> Fix issue #21571700: Need to be smarter about how foreground...

...services get out of app idle

Introduce a new process state to even better distinguish foreground
services from other states. Rework the INTERACTION reporting to
usage stats to do it less when the screen is off -- require that
an app sit in the foreground service or top activity state for
at least 30 minutes before we consider it an interaction.

Also eradicate a bunch of logging in package manager.

Change-Id: I94249e67f9a9c62e9a92ae104710e6747b16327e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5766468538de200d26012d96019db26bccac5d4 08-Jun-2015 dcashman <dcashman@google.com> Merge "Add SYSTEM_DIR check to upgrade-key-set verification." into mnc-dev
f61ae2de25a2dd09024bf5a8462b4408203c928b 08-Jun-2015 dcashman <dcashman@google.com> Add SYSTEM_DIR check to upgrade-key-set verification.

Bug: 21697139
Change-Id: I7e6ce3d7f231e0ca5da1f501c80342a04f6c2a1e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
25bb4553f379c70244f52d4864eab18530aa0a2e 08-Jun-2015 Dimitry Ivanov <dimitry@google.com> Merge "Revert "Print exception stacktrace on failed scanPackageLI"" into mnc-dev
47fc7fe7f6bd5a44c20c4b03d3195f601bcc3735 08-Jun-2015 Dimitry Ivanov <dimitry@google.com> Revert "Print exception stacktrace on failed scanPackageLI"

This reverts commit 95b7d50ce1a1ae879bbb1b8b8262172744c28d0e.

Bug: 8076853
Change-Id: Ia19e6638a97b7b49561932752a204990e3a486d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a25a3d6187d7c60991212361e6cf28439cfd1a08 01-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Fix abi detection for system apks

Prebuilts open their libraries directly from apk.
Because of that abi detection is no longer as
special as it was before.

Bug: 20810492
Bug: 8076853
Change-Id: Icbd39d6062f3c1fcad2038e712b98fbdd9aa2196
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd1fc1465bb16eca10cc29fe887c63b0cff178e9 11-May-2015 Narayan Kamath <narayan@google.com> Don't compile all splits when installing one.

This patch consists of two broad changes :
- don't "force" dex2oat when installing a new app. this should never
be necessary because we will always compare checksums.

- when staging a new install, we "inherit" (hard link) all compiled
oat files from the previous install. this will ensure that we compile
only those files that have changed, and not all of them

bug: 20889739
Change-Id: I3e14335f3bcfe76d1d24d233f53a728a6d90e8a1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20770ddbd4d6f2af0093f36462a8f44a678b084b 30-May-2015 Svetoslav <svetoslavganov@google.com> Add API to hint whether to show on-board UI before a permission request.

bug:21511988

Change-Id: I9d1d7adf34b68074e65510f53b6e642cf784cf6b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
95b7d50ce1a1ae879bbb1b8b8262172744c28d0e 02-Jun-2015 Dmitriy Ivanov <dimitry@google.com> Print exception stacktrace on failed scanPackageLI

The current message does not provide enough
information to figure out what is going on.

Bug: http://b/8076853
Change-Id: I741781ce6829eac44e4edddd0a545f3be743ceeb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
623b58b2cfcb778f52d2393bc4093ee721c3f16c 28-May-2015 Narayan Kamath <narayan@google.com> Avoid inspecting packages twice to deduce ABIs for moves / installs.

In the case of moves, we can use the existing ABIs from settings because
a move will not result in an ABI change. For new installs, we can just
use the ABI we deduced for compiling (dex2oat) the package.

bug: 21144503
Change-Id: I35e2e8abd47f547b6252271fc6b41d30719c4298
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9ded760f6378b79ae5f91fe694744981a4154d0b 19-May-2015 Sudheer Shanka <sudheersai@google.com> Use the intent filter icon in ResolveInfo for managed profile.

Bug: 20753645
Change-Id: Ifed4b498524272517c9f3338ba88fcbcd3b22075
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4f11754f72ac4c60448b36a1a933cdc2d7bc1870 08-May-2015 Wojciech Staszkiewicz <staszkiewicz@google.com> Pass charset to XmlPullParser.setInput instead of null

Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.

bug: b/20849543

(cherry picked from commit 9e9e2e73c6ec7bece20268196dc89ad0c8bafad4)

Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
561e13d687bf698b759cd0dbb653f3250a5b6917 21-May-2015 Narayan Kamath <narayan@google.com> Fix application moves.

We don't dex2oat during application moves, so we must scan
the package again scanPackageDirtyLI to deduce its ABI.

This is unnecessary (since a move cannot change ABIs), but we
need some additional refactoring to avoid a second scan.

bug: 21337469

(cherry picked from commit cd251fa382e887f59c278d4d7cd0a858812c6114)

Change-Id: Id1ed3bdfabb41e05e6a2f7efbd05d2103a67c663
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a96ecf78214a56c16051b2a5a71fe20324984714 20-May-2015 Narayan Kamath <narayan@google.com> Throw a checked exception on inconsistent installs.

Allows us to proceed without crashing the system process. Also,
complete an incomplete error message. Follow up comments from
change b904863476991d8540d37d5.

bug: 21144503

(cherry picked from commit c52ae28006605fb2da38b305b60b9bb419aa2f80)

Change-Id: I47b8762449714162fcd5c16eba6fcc146b93120b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2b6d792ad56795050f01abbd2d732cf717037b1c 18-May-2015 Narayan Kamath <narayan@google.com> Scan package to derive ABIs before optimizing.

This requires a minor refactor to extract the ABI detection logic
out of scanPackageDirtyLI.

Note that there's a minor regression here : we ignore the
cpuAbiOverride from the package settings when calculating the
CPU ABI. This is OK (and possibly better behaviour) because this
is only a debug only option (for adb install) AND because the instructions
require users to specify the abi override on every adb install
invocation. Furthermore, the behaviour when an ADB installed app
(with an override) is auto-updated is more consistent.

bug: 21144503

(cherry picked from commit b904863476991d8540d37d542c0a49b78deab680)

Change-Id: I1eb88b808fd2e90e14c32322131659220aafdb7a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
589f2b53f2ad4639d5a193bc89e903a8b2400975 23-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Do not create oat directory for an app in ASEC container

Currently installation fails, if an app is located on SD card (inside ASEC).
If an app is located inside ASEC, dexopt output should go to
/data/dalvik-cache. dexopt also needs to be performed at a later stage,
because the name of the oat file contains the absolute path to the dex file.

Bug: 20452651
Bug: 21360107

(cherry picked from commit 94056d1cb8183bde3e942336735b289b9654deb1)

Change-Id: Id1ced7159e5af9c05be0b637437b3b260e859c1d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
cd251fa382e887f59c278d4d7cd0a858812c6114 21-May-2015 Narayan Kamath <narayan@google.com> Fix application moves.

We don't dex2oat during application moves, so we must scan
the package again scanPackageDirtyLI to deduce its ABI.

This is unnecessary (since a move cannot change ABIs), but we
need some additional refactoring to avoid a second scan.

bug: 21337469

Change-Id: I3e9dfd5db1c928847f9d527dc15d29a05ff40e7d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c52ae28006605fb2da38b305b60b9bb419aa2f80 20-May-2015 Narayan Kamath <narayan@google.com> Throw a checked exception on inconsistent installs.

Allows us to proceed without crashing the system process. Also,
complete an incomplete error message. Follow up comments from
change b904863476991d8540d37d5.

bug: 21144503

Change-Id: Idb6a33f93b70b4e5e2bca95d2d3af0e2adaeedf3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6503e69d1dfe425f292c6e982bb87cf12b1f4397 20-May-2015 Svetoslav <svetoslavganov@google.com> Prevent modification of system fixed permissions

Change-Id: I061b993df305f27e52f08dad54f1bdbf162de4d9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6d9a53abbc94788dc02f7ebde30744753e0a5a3d 20-May-2015 Svetoslav <svetoslavganov@google.com> Merge "Handle downgrading a runtime permission to an install one" into mnc-dev
a1d0f3031f3aff9c17c0bd6e1bdfd788a2b79ab9 20-May-2015 Svetoslav <svetoslavganov@google.com> Handle downgrading a runtime permission to an install one

bug:21300531

Change-Id: I5c020c0faae3e727bbe898441c58116e2ab892b8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b3793d7201c2555cc1f6b01dbed47429b7d31be4 20-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 12" into mnc-dev
f2fec45280682b0b2531781d8f9bd34f64fe164d 19-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 12

- again tune Intent resolution candidates filtering: first add always list
if not empty, other wise add undefined and browsers. If the list is still
empty at the end, then add all the initial candidates.

See bug #19628271

Change-Id: I21f5313daf7bec1049c1e7c08275c825855d2935
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b904863476991d8540d37d542c0a49b78deab680 18-May-2015 Narayan Kamath <narayan@google.com> Scan package to derive ABIs before optimizing.

This requires a minor refactor to extract the ABI detection logic
out of scanPackageDirtyLI.

Note that there's a minor regression here : we ignore the
cpuAbiOverride from the package settings when calculating the
CPU ABI. This is OK (and possibly better behaviour) because this
is only a debug only option (for adb install) AND because the instructions
require users to specify the abi override on every adb install
invocation. Furthermore, the behaviour when an ADB installed app
(with an override) is auto-updated is more consistent.

bug: 21144503
Change-Id: I74e7c493468ee0088eb615c9a7fe30b4d7cf27de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a91a6f68f4c2564f763d28a3cfcd9d8b7a3f5db9 16-May-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Hold wakelock while dexopting" into mnc-dev
e650fd95a9d87f74fb420687b7062c9d428ef3f1 15-May-2015 Svet Ganov <svetoslavganov@google.com> Merge "Fix grant/revoke to act on owner by default and log invalid user id." into mnc-dev
4ccca50d7e501154127ac360e0fcbae850b1bbc8 15-May-2015 Svet Ganov <svetoslavganov@google.com> Fix grant/revoke to act on owner by default and log invalid user id.

bug:21163229

Change-Id: I66d0cc130b37b5752ed06afc73259ed41bfb7830
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9e9e2e73c6ec7bece20268196dc89ad0c8bafad4 08-May-2015 Wojciech Staszkiewicz <staszkiewicz@google.com> Pass charset to XmlPullParser.setInput instead of null

Passing null to XmlPullParser.setInput forces it to do additional
work, which can be easily avoided if we know the charset beforehand.

bug: b/20849543

Change-Id: Iaff97be9df2d0f99d7af8f19f65934439c9658e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
857c3019bac34bbabaa8d5ebb4ab0047ca07cfc5 14-May-2015 Svetoslav <svetoslavganov@google.com> Merge "Do not allow opting out from the new permission model." into mnc-dev
d9653703987f0ba194df6383d766173f65bf758e 14-May-2015 Svetoslav <svetoslavganov@google.com> Do not allow opting out from the new permission model.

bug:20525775

Change-Id: I84cd4587db5adb96f6f29148adb242905f53f2dc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef477a65e9baaf1feb2c60350f1faf0132d8e92 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 11" into mnc-dev
b371c7b6e234bda71a0266e67722c859227f643c 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 11

- tune Intent resolution candidates filtering: add also the undefinedList
into the results at first so that when you install an App which is not
verified (after installing a verified App) you will still have the
Disambiguation Dialog prompted to the User.

See bug #19628271

Change-Id: I611fff4c1c7f60db22312d7948c8d5120719fbd0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fe112e7b388fe582a4e57c26fdf651511b0bbb5a 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 10" into mnc-dev
649efc68cb3cd9648db6801989108c79f99dc1f2 14-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 10

- tune Intent resolution candidates filtering: remove the undefinedList
from the results and then add it again it there is no more candidates.

See bug #19628271

Change-Id: I9ab077f6a431367be8bab30c134d34e1e7ac51ed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b3f22b48bbd4e4816212e596e3cb612457d48fe5 12-May-2015 Svet Ganov <svetoslavganov@google.com> Runtime permissions for system components not revokable - framework

Change-Id: I5b1d7bb1618ffa8d1231618ece47d0905c82f7bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e2f43948d1de58e49192b97306e8a4e1c99412f4 12-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 6" into mnc-dev
3453e081e0a94bbb0b8c1d58ce4ccdbf2e53639e 12-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 6

- if a default Browser is not defined and if a Browser App
is selected into the disambiguation dialog, then make it as
the default Browser
- clear default Browser saved data (package name) when
the default Browser App is removed

See bug #20144393

Change-Id: Ia8621d7a61ec2cb60deded9d70f75f1e1d88d123
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8c7f700a59ad26e75c9791335d78f14322cad49a 07-May-2015 Svet Ganov <svetoslavganov@google.com> Add permission meta-state flags to support grant/revoke permission policy.

We now maintain a mata-state with each permission in the form of flags
specyfying the policy for this permission. This enables support of the
following use cases:

1. The user denies a permission with prejudice in which case an app cannot
request the permission at runtime. If an app requests such a permssion
it gets a denial unless the user grants the permission from settings.

2. A legacy app with disabled app-ops being upgraded to support runtime
permissions. The disabled app ops are converted to permission revocations.
The app ops manager is a part of the activity manger which sits on top
of the package manager, hence the latter cannot have a dependency on the
former. To avoid this the package installer which is the global
permission managment authority marks the permission as revoked on
upgrade and the package manager revokes it on upgrade.

3. A device policy fixing a permission in a granted or revoked state. This
additional information is folded in the meta-state flags and neither
apps can request such permissions if revoked not the user can change
the permission state in the UI.

Change-Id: I443e8a7bb94bfcb4ff6003d158e1408c26149811
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a627c094e67f640dfe3b2ac0b633edcf51270cf4 06-May-2015 Fyodor Kupolov <fkupolov@google.com> Hold wakelock while dexopting

Bug: 19521294
Change-Id: Ieed9b98ecb4a3332ce652d76c2bac8c312917ca1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef021042e1bc6851a9d66f40f00cea021d357c7 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 8" into mnc-dev
1f09b8c0c2a08fa5169a36031efcb3f34ec5f163 07-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 8

- fix clearing of Intent Verification Status: now do it at the correct
time when the PackageSettings info is still there
- reduce writing of Settings

See bug #19628909

Change-Id: I9113333c330964249342108fa1ca7b8ec89c3322
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4a64b19f239b6bff82a032329ce5781681843044 05-May-2015 Svet Ganov <svetoslavganov@google.com> Merge "Permission UI - legacy apps support" into mnc-dev
019d2304998f3ed77c0a608df6cf4bea1138f8dc 04-May-2015 Svet Ganov <svetoslavganov@google.com> Permission UI - legacy apps support

Change-Id: Id3f98c138422d33868363d587dd196898b42a0d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
44b60be189183138437a3faf9a73388af0efcf44 05-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 5" into mnc-dev
7d1a9d056261fdf304215c9b53b7cc4f4422e1db 05-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 5

- check and clear default Browser if its package is no more available

See bug #20144393

Change-Id: I60a1b8f11058f3a4f9dc80440027ab72fe7cce2e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8ef631de47d4e52cafe5f9182633892b480dfcdb 04-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add user selectable Default Browser feature - part 4" into mnc-dev
4c92949993e77e1727f5d967b070074dd8f67a5c 02-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Add user selectable Default Browser feature - part 4

- when selecting a default Browser App, make the others Browser Apps
not capable to open URLs automatically

See bug #20144393

Change-Id: I6ffaafbfb1a2571c0eba90af5c1648150b020559
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
83bb765b046a3c6d90abbd65545d4532f647ae14 01-May-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 7" into mnc-dev
1de3f0dcafb0c5ceb3d9bec96a5c630bb8d4a515 30-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 7

- update packages priming so that it effectively save its data
- use ArraySet instead of ArrayList for list of domains (a set
is preferable as we dont want duplicates)

See bug #19628909

Change-Id: I52085f4bc28dcbc7fbc02ba0898abcd4ae9cf1e2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a320505f3a39e21f29065f0f2a01089363825318 01-May-2015 Jeff Sharkey <jsharkey@android.com> Merge "Move both app code and data together." into mnc-dev
bd0e9e4958acdc6ab5f607bc252fddba877d20f9 01-May-2015 Jeff Sharkey <jsharkey@android.com> Move both app code and data together.

Refactor app movement code into the normal install flow as a new
flavor of InstallArgs. It copies both app code and data during the
copy step, and just updates paths during the rename step.

Measure free space before kicking off a move. Spawn a thread to
derive a hacky progress estimate based on free disk space counting
down.

Remove checkFreeStorage() and getLegacyNativeLibraryPath() which
nobody was calling. Fix deadlocks around package broadcasts, and fix
wrong lock ordering when loading packages.

Bug: 19993667, 20275578, 20370140
Change-Id: I7bbf14c924a724d6ebb8a41a02434750fa3302bc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dc4ad271f931eca48ab8ef22ef76db740d179d99 30-Apr-2015 Benjamin Franz <bfranz@google.com> Merge "Add package name extra to PackageInstaller callback" into mnc-dev
e31b820dad4c5f2b19ee10479a675a139ad3c61e 30-Apr-2015 Jeff Sharkey <jsharkey@android.com> New "frozen" state during app move/upgrade.

This replaces mOperationPending, which was in an odd place. It adds
a new PackageSetting.frozen flag that is a last-ditch effort to
prevent ActivityManager from starting an app while it's being moved
or upgraded.

Also provides clearer guarding around all upgrades by freezing,
killing, upgrading, then unfreezing.

Bug: 20275579
Change-Id: I28bb0359a6f4e05080fb336b18dd2a249509d989
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
50a05454795c93ac483f5cb6819e74cb17be1b5b 29-Apr-2015 Jeff Sharkey <jsharkey@android.com> Returning to wizard, split move events.

Finish wiring up notifications to jump back into in-progress wizard
flow, using moveId as identifier.

Split move events back into separate creation and progress events,
and pass details as bundle to pass extra stuff like UUID. Null
package still means moving primary storage.

Add explicit "volume forgotten" event for PackageManager to clean
up internal state with.

Plumb through internal path reported by vold, and bring back FUSE
bypass rewriting optimization.

Bug: 19993667
Change-Id: I0f43edbba36c58c5cd33550022c54c4eb9f01a48
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2e3e943ccd419dd10d3e4df5ae7640e8b020cc76 17-Apr-2015 Benjamin Franz <bfranz@google.com> Add package name extra to PackageInstaller callback

If an app invokes app install via PackageInstaller APIs without knowing
the package name, the callback contains no information about the name
of the installed package. Add EXTRA_PACKAGE_NAME to this callback.

Also allow PackageInstaller to distinguish between a newly installed and
an updated package.

Bug: 19764848
Bug: 20150135
Change-Id: I062440a08df9a723e9445ea10bc6f6800c5b99a8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c4a44e577c7b8316172d1bf5357d006776ae75e 23-Apr-2015 Nicolas Prevot <nprevot@google.com> Do not return cross-profile intent results to a non-enabled user.

In PackageManagerService.queryIntentActivities, do not return
ResolveInfos targeting a user which is not enabled.

BUG:19578138
Change-Id: Id4e730ca8671c26f8cf077bc9c66b3dbd37be482
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b36586a7c9b7718f33961406537e27bbd9b16211 27-Apr-2015 Jeff Sharkey <jsharkey@android.com> Split some VolumeInfo state into VolumeRecord.

VolumeRecord is a historical record of a volume that we've seen in
the past. It's now surfaced outside the framework for SystemUI to
drive the notifications that bug users to reinsert missing private
volumes.

Show progress notifications for both storage and package movement
operations. Notify when an empty disk is inserted (no usable volumes)
which launches into the normal format flow.

Add API to forget volumes.

Bug: 20275424, 20275424
Change-Id: I75602c17fdcd4d1f1f62324e1a08c4a33093eefa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f7e39fc9d278642a29df48daf44dceff11acd17 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Use Default Browser App for IntentResolution when needed

- add MATCH_ALL as a new flag for telling that all results need to
be returned (even if there is some sort of filtering done).
- take into account the default Browser App for Intent resolution
- also, dont do any domain verification priming for non system app

See bug #20144393

Change-Id: Iddd1f2029e3bbf3b99ebc5f416dc7f17e5bad10c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
275e3e43f2fba72fa99001cafa2a70e5478fc545 25-Apr-2015 Jeff Sharkey <jsharkey@android.com> Migrate primary external storage.

Wire up through MountService to call down into vold. Watch for
unsolicited events that report progress, including special value "82"
that signals that copy has finished. We use this value to persist
the volumeUuid in case of unexpected reboot, since it indicates the
new volume is ready.

Wire progress updates through existing callback pipeline.

Update the volume mounting code to match against the persisted UUID
when selecting the primary external storage.

Bug: 19993667
Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
620b32b316fd4f1bab4eef55ec8802d14a55e7dd 24-Apr-2015 Jeff Sharkey <jsharkey@android.com> Package and storage movement callbacks.

Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.

Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.

Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.

Persist the current primary storage location in MountService
metadata, since it can be moved over time.

Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.

Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
94056d1cb8183bde3e942336735b289b9654deb1 23-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Do not create oat directory for an app in ASEC container

Currently installation fails, if an app is located on SD card (inside ASEC).
If an app is located inside ASEC, dexopt output should go to
/data/dalvik-cache. dexopt also needs to be performed at a later stage,
because the name of the oat file contains the absolute path to the dex file.

Bug: 20452651
Change-Id: I4432ca7a0b0e88b705705acf42e5cae78cadf729
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
529f91fc8e7e884ef19bef8eb3e4e3a1d69336f4 19-Apr-2015 Jeff Sharkey <jsharkey@android.com> Always send volume UUID with installd commands.

Since packages can be moved to other volumes, all relevant commands
to installd now require an explicit volume UUID parameter.

Bug: 20275577
Change-Id: Ie84f5bc43c7aada5800b8d71692c7928b42b965e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7e92ef3a1146102806fa0543ef12e09231c55639 18-Apr-2015 Jeff Sharkey <jsharkey@android.com> Volumes know parent disks; unsupported disks.

This is cleaner and more direct than the reverse of having the disk
publish child volume membership. Rename state constants to match
public API. Add state representing bad removal. Make it clear that
volume flags are related to mounting.

Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.

Splice disk labels into description when known. Only adoptable
slots are directly visible to apps.

Bug: 19993667
Change-Id: I12fda95be0d82781f70c3d85c039749052dc936b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e2d45be4dae116307f8edd85eaa61134221cb8f9 16-Apr-2015 Jeff Sharkey <jsharkey@android.com> Candidate volumes for packages, fix symlink.

Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.

Comparator for consistent VolumeInfo ordering when displayed in UI.

Fix native library symlink to be volume UUID aware.

Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
afd1fc3ccc7c5627c0a10d4b61fb4e87b0e18cd9 13-Apr-2015 Svetoslav <svetoslavganov@google.com> Improve permission group handling.

1. Don't ignore permissions in an unknown group.

2. Ignore permission groups for legacy apps as the meaning
of a permission group is redefined.

Change-Id: Ifd0e0928cfd8540f3abc39a8834e84c3f18149be
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
98680e969b384e2765a311fe14a070fb39f587ee 13-Apr-2015 Sudheer Shanka <sudheersai@google.com> Merge "Clear defaults of an application installed in multiple users."
d957f80ced65b4151c4fe1fcd9815cc2dcc00c99 04-Mar-2015 Sudheer Shanka <sudheersai@google.com> Clear defaults of an application installed in multiple users.

Bug: 19120156
Change-Id: I6c85b62d121df84e5f86dd359e8555376fea9701
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6036cd51265d31c08eefe0470a9f37e7f757aae8 11-Apr-2015 Jeff Sharkey <jsharkey@android.com> Merge "Support moving apps to expanded storage."
30ca50a3ddf35e6426e7b561b95e0864885de6d5 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add Default Browser App support and relax Hosts validation for AppLinks"
6227172310663e1267b1fabd68be890a1cb7e145 11-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add Default Browser App support and relax Hosts validation for AppLinks

- add private PackageManager APIs for setting/getting the default
Browser App package name
- serialize / deserialize the default Browser App package name per User

Also relax the Hosts name validation for the AppLinls feature. Now we
just care if the IntentFilter is having an HTTP or HTTPS scheme.

Change-Id: I4436f66ac6beff57e14f7f3a2a00b0b582c03be9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
caa41648f4e3cecc1996447396aabc4e394b8fd0 10-Apr-2015 Svetoslav <svetoslavganov@google.com> Merge "Allow only system signed apps to grant permissions at install"
805b63e253c139625f5a86d72ef7b31d6ec9f8e9 10-Apr-2015 Svetoslav <svetoslavganov@google.com> Allow only system signed apps to grant permissions at install

bug:20099946

Change-Id: Ifcc5c6638b4174ffb3ba452ae68a5a53b2d1ff0a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b9f3674c11ed9c89b80a69f728cbc5f540b2ecde 09-Apr-2015 Jeff Sharkey <jsharkey@android.com> Support moving apps to expanded storage.

Start deriving the data path for apps based on the volume UUID where
the app lives. This path is used for all higher-level APIs, giving
us a clean place to switch app storage.

When parsing a package, keep track of the volume UUID where it lives
and update PackageSetting once installed. For now continue treating
moves as installs, but we'll eventually clean this up to avoid the
additional dexopt pass. Wire up move to use the new installd command
to move private data between devices.

Cache LoadedApk only for the current user, since otherwise the data
dir points at the wrong path.

Bug: 19993667
Change-Id: I53336e3b147d5fd3130e6800869af172b628da37
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5f76360ff99b44d611a40bc1b04bacb2a49b47fa 10-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 5"
e48c137acdddd477d671417eb93ec120a1931cbb 10-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 5

- optimize IntentFilter verification: dont do stuff we dont want
if we dont need to do them.

- improve IntentFilter candidates filtering and also improve
at the same time fix for bug #20128771: we can return the candidates
list rigth the way if the Intent is not related to a Web data URI and
include the "undefined verification state" ones if the first filtering
pass does not leave any.

Change-Id: I19f5c060f58b93530e37b4425d19ed23d2a0f4c0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7c6a34e64a52b71a6ea00efd2127a4814b5c72a6 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Fix bug #20128771 All apps disappeared from app drawer after AAZ08 OTA"
53f35f4a20f69a61b83b88b666e85277d07e9de0 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Fix bug #20128771 All apps disappeared from app drawer after AAZ08 OTA

- relax a bit Intent resolution. We should still include Apps that
do not support Web domains :-) so in that context add in the result
list the Apps that are with a status INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_UNDEFINED

Change-Id: Ibad7b7f577552ac75bba256bb387a75b83524958
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c9d83fc2e0f2e6f24b9f7957cc9650b3e866cf1d 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add IntentFilter auto verification - part 4"
a1b19b7b66b06647501bc80d3002701fd9e59b7a 09-Apr-2015 Richard Uhler <ruhler@google.com> am 00ff42a0: am 7f757130: am f324d245: Merge "Reuse dexopt method for both dex2oat and patchoat."

* commit '00ff42a0ca9d17c4b7ee89d900cf86c9a25c00eb':
Reuse dexopt method for both dex2oat and patchoat.
7f7571308d5dc973e9b1e352d56643a74e99e588 09-Apr-2015 Richard Uhler <ruhler@google.com> am f324d245: Merge "Reuse dexopt method for both dex2oat and patchoat."

* commit 'f324d245fdd07ac14ab312d1a5fa04a4e8dfcceb':
Reuse dexopt method for both dex2oat and patchoat.
f324d245fdd07ac14ab312d1a5fa04a4e8dfcceb 09-Apr-2015 Richard Uhler <ruhler@google.com> Merge "Reuse dexopt method for both dex2oat and patchoat."
7d014cec63939f7aca2a8014f45cd4c9a3e1aa0c 09-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 4

- add domain verification priming at boot when the PackageManagerService
singleton is created. This will mainly set the domain verification status
to INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS for all Apps that
have an IntentFilter with action VIEW and data scheme HTTP or HTTPS.

- also optimize Intent resolution by taking into account Browser Apps

Change-Id: Id8e66c9759a99e79b07051595ca89a168dc5ae0e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0788595e0c9bc5e8c1907c63db595010006ef5b4 07-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification - part 3

- add private API PackageManager.getAllIntentFilters(String)
for getting all IntentFilters from a given package
- update IntentFilterVerificationInfo to use an ArrayList<String>
for domains instead of a String[]
- if you make an App a default domain handler then make the
others as non default
- create an IntentVerificationInfo even if the App IntentFilters
do not need to be verified. This would be done only if the App
has some domain URLs defined and would allow to make it the
default handler for a domain
- a few code optimizations here and there

Change-Id: I4535372a0bb1a2c8e662e1485be8ca700003e9b3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75bff7cca024d64b090f2104ed9a3be600c27fc5 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Unnecessary dexopt in installPackageLI

When a new package is created, installNewPackageLI does not need to call
dexopt, since it has already been made.

Bug: 19550105
Bug: 20087446
Change-Id: If6b05bea590eea5f95efebb22a67ccd8cdf632c2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8aa61000021ed32480599c7dea875f0b27ba44f0 07-Apr-2015 Svetoslav <svetoslavganov@google.com> Merge "Enable runtime permissions"
77e46d214db035f150e8522fad03edec913939e8 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 6a17f601: Merge "Unnecessary dexopt in installPackageLI"

* commit '6a17f60166082227a5a644f9114db46a0ade73f0':
Unnecessary dexopt in installPackageLI
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 06-Apr-2015 Jeff Sharkey <jsharkey@android.com> Installing packages to expanded storage.

PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.

Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.

Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.

Automount expanded volumes when they appear.

Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
36b26adde8091bcf8e1d5aff6ae393278fef12c8 07-Apr-2015 Fyodor Kupolov <fkupolov@google.com> Unnecessary dexopt in installPackageLI

When a new package is created, installNewPackageLI does not need to call
dexopt, since it has already been made.

Bug: 19550105
Bug: 20087446
Change-Id: If6b05bea590eea5f95efebb22a67ccd8cdf632c2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e012a235569fe307d165dfd0784ae847d0b13739 02-Apr-2015 Christopher Tate <ctate@google.com> Back up / restore preferred app configuration

Bug 19848104

Change-Id: I84cdfcc44b48a9732984955d7eedf745b5586bdd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
429270c3ed1da02914efb476be977dc3829d4c30 07-Apr-2015 Svetoslav <svetoslavganov@google.com> Enable runtime permissions

Change-Id: I092a24e472f841ff6094ac4135dfd19381de61ff
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7151a9a887051542c6da9f380376f3b306184e5c 05-Apr-2015 Jeff Sharkey <jsharkey@android.com> Storage methods using IDs, update listeners.

Add StorageManager methods that work with Disk and Volume IDs instead
of paths which can change over time. For example, a freshly formatted
volume has a different UUID and mount point, even though it's the same
volume.

Update StorageEventListener to be all one-way calls to avoid blocking
while dispatching events. Add new listener method for Volume-level
state changes. The existing state method will remain focused on the
per-user state reflected by StorageVolume. Switch listeners over to
using the more robust RemoteCallbackList pattern under the hood.

Change external ASEC scanning logic in PackageManagerService to be
driven by listener events, instead of explicit MountService calls.

Bug: 19993667
Change-Id: I57c505de260ff1762a78d70d15f1892f40229210
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7b08b35bde3df58816b171b88712bcc6d21dcbe8 26-Mar-2015 Richard Uhler <ruhler@google.com> Reuse dexopt method for both dex2oat and patchoat.

Change-Id: Ib9a6373f98474f1242367b5285086251a9d580e5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
96bba82ac4295f68ef956ecae7ee169eb3c271d1 03-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Merge "Add private flag PRIVATE_FLAG_HAS_DOMAIN_URLS to ApplicationInfo"
d3d8a32217d5a2d895917cfe7e1645935d228494 02-Apr-2015 Fabrice Di Meglio <fdimeglio@google.com> Add private flag PRIVATE_FLAG_HAS_DOMAIN_URLS to ApplicationInfo

This is for supporting Settings UX and Domain URLs

- the new PRIVATE_FLAG_HAS_DOMAIN_URLS flag will be set by
generateApplicationInfo() when the Activity is said to have some
IntentFilter with a VIEW action and a http / https data URI

- code cleaning for args passing
- also add a new constant for the MetricsLogger

Change-Id: I5c9762fc2c4a9b46c0e255b9a23bffd70fae40c7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c38a54b1f076b86453041755e15504fd0b4d48af 03-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 30c688da: am 031898df: am 3d8b7f4d: Merge "Support for storing OAT files in app directory"

* commit '30c688da8bd2b3320446a06424e1cc57b693522a':
Support for storing OAT files in app directory
3425dae8dc63372e8944dce43f7ed2d567512248 03-Apr-2015 dcashman <dcashman@google.com> Merge "Refactor KeySet code."
d2cf3aec6087ba53dcbb55eb38c8e7f385ac4cbd 03-Apr-2015 Svetoslav <svetoslavganov@google.com> Do not clear a shared user's permissions on an app install.

When regranting permissions for an app during an install if
that app is in a shared user we should not clear the permissions
as the permissions for the shared user are additive and go away
when apps requesting them are uninstalled.

bug:20050689

Change-Id: I82aa70669fc25a45e7020a1545b093db5525f5cf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
031898dfd2dd734724d61e447a8ed61cc7f07d5c 03-Apr-2015 Fyodor Kupolov <fkupolov@google.com> am 3d8b7f4d: Merge "Support for storing OAT files in app directory"

* commit '3d8b7f4d50c2f7c64ec4e5874fd95cf837ddc12e':
Support for storing OAT files in app directory
8c04facdf5e76fb34c55cfe3dc9a0216322b91b8 23-Mar-2015 dcashman <dcashman@google.com> Refactor KeySet code.

Eliminate dependency in packagesetting keyset metadata on other packages by
introducing reference counts for KeySets and public keys. This also allows
keysets to retain their id across reboots by eliminating the need to remove
all keyset data after scanning all packages on boot, which also should
drastically reduce the number of calls to ArraySet.removeAll().

Bug: 19617481

Change-Id: I6cc65f30e431b8e4ebe49047a9219a0d983f2774
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b94c1657eb0140f7b91f5372a9f76de5a3d87e36 03-Mar-2015 Fyodor Kupolov <fkupolov@google.com> Support for storing OAT files in app directory

In installPackageLI, dexopt is now performed on a staging directory of the app
(dexopt phase 1). For each codepath:
- /oat/<isa> directory is created
- dexopt output goes to the newly created directory. Optimized files have
.odex extension.

Bug: 19550105
Change-Id: Iec59790d97837b78af82b079fd1970de3388c91d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c1b47125da018b44240739db75f8898e064a948 20-Nov-2014 Fabrice Di Meglio <fdimeglio@google.com> Add IntentFilter auto verification

The purpose of this feature is to prompt the Disambiguation dialog
to Users as less as possible.

- add the new "autoVerify" property to the IntentFilter class
- add new APIs to PackageManager:
verifyIntentFilter(int, int, List<String>),
getIntentVerificationStatus(String, int),
updateIntentVerificationStatus(String, int, int),
getIntentFilterVerifications(String)
for supporting IntentFilter verification
- add support for multi-user
- update PackageManager for IntentFilter verification:
basically when we are installing a new package, ask for verification
of all domains from the IntentFilters that have the "autoVerify" to true.
This means that the PackageManager will send a well defined protected
broadcast (with a new INTENT_FILTER_NEEDS_VERIFICATION action) to
an IntentFilter verifier to do the real job of verification.
We are passing in the broadcast Intent all the necessary data for
doing the verification. The PackageManager will receive as response
the result code of the domain verifications and, if needed, the list
of domains that have failed the verification.
- add a new INTENT_FILTER_VERIFICATION_AGENT permission that needs to
be set by an intent filter verifier to be considered as a trustable
party by the PackageManager.
- add also a new BIND_INTENT_FILTER_VERIFIER permission for securing
the binding between the PackageManager and a service doing the
intent filter verifications.
- add ResolveInfo filterNeedsVerification which is a boolean
to knows if the IntentFilter is of a type that needs a verification
(action VIEW, category BROWABLE, HTTP/HTTPS data URI)
- add new "domain-preferred-apps" / "d" dump command for listing the
prefered Apps for all domains
- add new "intent-filter-verifiers" / "ivf" command for listing the
IntentFilterVerifier used
- introduce the IntentVerificationService which is a basic service
for verifying IntentFilters. This service will send HTTPS requests
to the domain declared in the IntentFilter(s) for doing the
verification. This service has a low priority level so that it
can be replaced by a more sophisticated one if needed. This service
is updating the PackageManager intent verification states thru
the updateIntentVerificationStatus(...) API.
- update MockPackageManager

Change-Id: I0bfed193d0bf1f7c7ac79f6c1b160b7ab93b5fb5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12a692a5e8244cad6ae634cc0821e4e3590cfef6 29-Mar-2015 Svet Ganov <svetoslavganov@google.com> Fix runtime permissinos toggling and relax XML parsing.

1. Fixed the case where runtime permissons can be toggled by a
developer via a system property.

2. Relaxed the runtime permission XML parsing to be more fault
toelrant and consistent wiht the reset of the package manager
parse code.

3. Fixed a deadlock due to calling in to the activity manager
with the package manager lock held to kill an app.

Change-Id: I11dfb57ad4d8119baea79227dc2a3fe5e2208515
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7119be2531c1763749c2b5ed9d427ed506fe9aff 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Merge "Handle dynamic enable/disable of runtime permissions support."
cf959f6e722ddd20033b7c98b3e04c7143f6438e 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Handle dynamic enable/disable of runtime permissions support.

This change adds support for the case where we change the state
of runtime permissions support via the system property. This
was not working properly before because we did not handle system
app permissions properly.:

Change-Id: I66c5e6c823b8521999972b0432b1daaba38c9709
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
60b3be3ab5fba871311628dec0538214b4965027 27-Mar-2015 Christopher Tate <ctate@google.com> am 9c36cf41: am 9837c51a: am 63862a20: am 7b73a788: am dbe0dd16: When scanning unbundled apps, only install the expected APK tree

* commit '9c36cf4195158b94600a5e1125835627629087e8':
When scanning unbundled apps, only install the expected APK tree
9837c51acc274531a4109b9973a7d7927787da6c 27-Mar-2015 Christopher Tate <ctate@google.com> am 63862a20: am 7b73a788: am dbe0dd16: When scanning unbundled apps, only install the expected APK tree

* commit '63862a2052d41db4543a6a15713f5146b76d65cc':
When scanning unbundled apps, only install the expected APK tree
b4a16b16e75eaf32a8acb7ed2a6d94fbc0c18f98 27-Mar-2015 Svetoslav <svetoslavganov@google.com> Fix a typo

Change-Id: I74da330f7319bd2f571d1c328365e3d5e482dc78
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbe0dd160e93feef1335830a36e86ae83b19b793 26-Mar-2015 Christopher Tate <ctate@google.com> When scanning unbundled apps, only install the expected APK tree

We now make sure, when scanning post-factory app installs, that we do not
accidentally activate a "leaked" or otherwise superfluous APK tree that the
scan algorithm happens to encounter before the one that we expect a priori
based on the persisted package-installation state. When we find such an
extraneous installation we ignore it in favor of the expected one, similarly
to the policy used when collecting system-bundled packages that have been
updated.

Even if we find an unexpected APK for the package, if the expected one
turns out to be absent we fall back to the existing "we thought this app
was present and now it isn't" logic.

Bug 19602471

Change-Id: I141a93661946176c05d8cf52a123bdf75c8eef74
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5752bdc8fd39d4f0a508f9088c538e30e73044a 26-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions - for real.

System apps targeting SDK greater than Lollipop MR1 get runtime
permissions by default but if the user takes them away we should
not regrant them. To do that we keep track for each package which
user ids were handled in the last permissions update. If a new
user id has appeared we grant runtime permissions for this user
to the sys package. When we start clean (i.e. first boot) the
sys packages were updated for no user so we grant the runtime
perms for the owner. When reading a package from packages.xml
we set the updated user ids to all users ids on the device as
the state in the xml reflects the latest state before a shutdown,
i.e. the last state when permissions were updated.

Change-Id: I93135baa57950405a357b139c59f432cf02f0bc6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78027f3b72ad0cad4c39c3947985526ac31a6d3e 25-Mar-2015 Svet Ganov <svetoslavganov@google.com> Properly handle system app permissions.

System apps targeting SDK grater than Lollipop MR1 get runtime
permissions and when a new user is added we update the permissions
for all packages to ensure that the new user gets the runtime
permissions.

Change-Id: Ic7dc5b5a94b034e00d715a60b12f613803524c3b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3695b8a1488a6cc331feba1c2ab359888656bf7c 25-Mar-2015 Svet Ganov <svetoslavganov@google.com> First implementation of the grant/revoke UI

Change-Id: Icdb7c822881552b30850697dba709671bf27baa5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9041df7f6948f5314b576c437f08247967ac2c2f 24-Mar-2015 Svetoslav <svetoslavganov@google.com> Remove obsolete comments

Change-Id: Ieabe9e8e86cfe226751a0402e4c7d55f2a18c8b1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00f3904629ef89192e061c1995801ef322fc0bcf 24-Mar-2015 Jeff Sharkey <jsharkey@android.com> Introduce per-user GIDs for storage.

This will eventually allow us to have a single unified filesystem
instead of requiring zygote to use bind mounts.

Change-Id: I29b819ab51498b4bab874e0367b1ab4165f84025
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
95c1adea0c5fe10ceba217a327163757f4589d3d 19-Mar-2015 Svet Ganov <svetoslavganov@google.com> Add install option to grant all runtime permissions.

Change-Id: I72ba67a72025646a3d53611621b0353d3a86677c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6d1c345f41cf817bf2c07c97b97107d94296064 26-Feb-2015 Svetoslav <svetoslavganov@google.com> Runtime permissions: per user permission tracking.

Before all permissions were granted at install time at once, so the user
was persented with an all or nothing choice. In the new runtime permissions
model all dangarous permissions (nomal are always granted and signature
one are granted if signatures match) are not granted at install time and
the app can request them as necessary at runtime.

Before, all granted permission to an app were identical for all users as
granting is performed at install time. However, the new runtime model
allows the same app running under two different users to have different
runtime permission grants. This change refactors the permissions book
keeping in the package manager to enable per user permission tracking.

The change also adds the app facing APIs for requesting runtime permissions.

Change-Id: Icbf2fc2ced15c42ca206c335996206bd1a4a4be5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8458e531bfc681ebb0de98476d782ca4d052a145 16-Mar-2015 Nicolas Prevot <nprevot@google.com> Merge "Remove the owner userid of cross-profile intent filters."
7487657ee9f3f91a1fb4e52ce2a03b56496ac1f4 24-Feb-2015 Fyodor Kupolov <fkupolov@google.com> Extracted a separate class to run dexopt on packages

performDexOptLibsLI and related methods were extracted to PackageDexOptimizer
class. Minor refactoring of PackageManagerService.

This is a non-functional change. It should simplify further work to allow
storing OAT files inside package dir.

(cherry picked from commit eeea67b8c3678d882d3774edc41242c63daa60fa)

Change-Id: I3494a2da70605362bb6fb4625ffbee1cbe1cd457
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4282924ed33102605d6c295f164ffb3249ced7b4 06-Mar-2015 Alan Treadway <alantreadway@google.com> Fix for managed-profile users needing to "install" packages twice.

Fix ensures that the users requesting package installation have the
package marked as installed and enabled for them. This appears to be
the intent of the existing code, but without this change in certain
cases the user has to effectively request "installation" twice.

Bug: 17445378
Change-Id: Ic17399e493125e631b381b89615336be17c9d1ee
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
174a44888ec56f688426c80d50b9e0021f47c16f 10-Mar-2015 Andreas Gampe <agampe@google.com> am 7f383873: Merge "Frameworks/base: Pass APK debugability to installd"

* commit '7f383873566024c7121cadae3bbdd2a7c47150bc':
Frameworks/base: Pass APK debugability to installd
735600c1e654ef3d4fe1201aa31d1f4eb33c18e3 05-Mar-2015 Andreas Gampe <agampe@google.com> Frameworks/base: Pass APK debugability to installd

Change-Id: Id17ec72babe2ee88713a0d274eff86508de30666
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4b8d5821512c6a4fdaf442f6d48e1dc412539136 05-Mar-2015 Nicolas Prevot <nprevot@google.com> Remove the owner userid of cross-profile intent filters.

The owner user id was used to identify in which user an app had set
a cross-profile intent filter. But it's not really necessary.

BUG:19505190

Change-Id: Iacc49d31c95e34efee1895e5fbe7224277dbc493
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eeea67b8c3678d882d3774edc41242c63daa60fa 24-Feb-2015 Fyodor Kupolov <fkupolov@google.com> Extracted a separate class to run dexopt on packages

performDexOptLibsLI and related methods were extracted to PackageDexOptimizer
class. Minor refactoring of PackageManagerService.

This is a non-functional change. It should simplify further work to allow
storing OAT files inside package dir.

Change-Id: I3494a2da70605362bb6fb4625ffbee1cbe1cd457
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
05ecfd308d983755bc7cab39ba99a37c321f176b 11-Feb-2015 Alex Klyubin <klyubin@google.com> am 33d3c53d: resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

* commit '33d3c53da021f0d044028860ace0f4ad817273f5':
Move hidden ApplicationInfo flags into a separate field.
33d3c53da021f0d044028860ace0f4ad817273f5 11-Feb-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of 517e0274 to lmp-mr1-dev-plus-aosp

Change-Id: Ic20b6c8851458483dd73a144bd5ae6e8d141e62a
b9f8a5204a1b0b3919fa921e858d04124c582828 03-Feb-2015 Alex Klyubin <klyubin@google.com> Move hidden ApplicationInfo flags into a separate field.

The public API field android.content.pm.ApplicationInfo.flags can
support only 32 flags. This limit has been reached. As a short term
workaround to enable new public flags to be added, this CL moves flags
which are not public API into a separate new field privateFlags and
renames the affected flags constants accordingly (e.g., FLAG_PRIVILEGED
is now PRIVATE_FLAG_PRIVILEGED).

The new privateFlags field is not public API and should not be used
for flags that are public API.

The flags that are moved out of ApplicationInfo.flags are:
* FLAG_HIDDEN,
* FLAG_CANT_SAVE_STATE,
* FLAG_FORWARD_LOCK, and
* FLAG_PRIVILEGED.

NOTE: This changes the format of packages.xml. Prior to this CL flags
were stored in the "flags" attribute. With this CL, the public flags
are stored in a new "publicFlags" attribute and private flags are
stored in a new "privateFlags" attribute. The old "flags" attribute
is interpreted by using the old values of hidden/private flags.

Change-Id: Ie23eb8ddd5129de3c6e008c5261b639e22182ee5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7d4a9c139c742adc702b6695ac6d7c9ce40b9ca7 09-Feb-2015 Rubin Xu <rubinxu@google.com> am df890b4d: am 082f0bf3: am df608e39: am 3d521c0a: Merge "Perform post installation operations directly if backup manager is disabled" into lmp-mr1-dev

* commit 'df890b4df04f77baaa0051b6cc0d92c82acf3aa9':
Perform post installation operations directly if backup manager is disabled
df890b4df04f77baaa0051b6cc0d92c82acf3aa9 09-Feb-2015 Rubin Xu <rubinxu@google.com> am 082f0bf3: am df608e39: am 3d521c0a: Merge "Perform post installation operations directly if backup manager is disabled" into lmp-mr1-dev

* commit '082f0bf3bd0f266f776f4b28c3fb8dc917cd0d63':
Perform post installation operations directly if backup manager is disabled
99abeed2bb74a15d2336ad3b75dfeb30e64d135d 09-Feb-2015 Rubin Xu <rubinxu@google.com> Perform post installation operations directly if backup manager is disabled

bug: 19312753

Change-Id: I4acdd1e3af6a6be0c51affc42de167993c736b2f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e8f037ded946f3aeaa0480c2d1eeb77d6688d0b 28-Jan-2015 Fyodor Kupolov <fkupolov@google.com> Merge "Added primaryUserOnly attribute for activities"
715437763c56a8a23d9ce711b011bdddc90e7b61 28-Jan-2015 Christopher Tate <ctate@google.com> am 0c607b97: am f37b20e1: Merge "Fix \'always\' preferred app assignment" into lmp-mr1-dev
automerge: ff1876d

* commit 'ff1876d1fb8dfcaba61d3fc7de296d663a4e160e':
Fix 'always' preferred app assignment
ff1876d1fb8dfcaba61d3fc7de296d663a4e160e 28-Jan-2015 Christopher Tate <ctate@google.com> am 0c607b97: am f37b20e1: Merge "Fix \'always\' preferred app assignment" into lmp-mr1-dev

* commit '0c607b97f068ca486036a501052572e9207c0926':
Fix 'always' preferred app assignment
57792912ee8f536f90c466db701d71a9e38c54d4 27-Jan-2015 Christopher Tate <ctate@google.com> Fix 'always' preferred app assignment

In the case when some possible resolutions of a given intent are at
different priorities (typically when they're intended as fallbacks when
no "normal" handler for the intent exists) the check for "is this the
same set of possible handlers that we saw last time?" was broken. We
now ignore resolver priority entirely in that check: match set comparison
should be orthogonal to prioritization within the set, and indeed the
priority is dealt with separately in any event.

Bug 19011225

Change-Id: I3c1658442cc88b1f4a5c5f2fe9f64472799e156c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
703d1c43a25fe6e80c5fea46cc0ff14f0e1fbc00 27-Jan-2015 Fyodor Kupolov <fkupolov@google.com> Added primaryUserOnly attribute for activities

In addition to receivers, primaryUserOnly is now supported for activities.

In queryIntentActivities method, activities with primaryUserOnly flag set will
be filtered out, when current user is not the owner.

Change-Id: I0b7168b8c96749cd6d23b8c95d5624589f5f2d86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
75d0ea8785163d5b0fddaec339f68bacdf52df82 16-Dec-2014 Fyodor Kupolov <fkupolov@google.com> Use scheduled writes to package-restrictions and user xml

When user is initialized, PackageManager.setEnabledSetting is called
multiple times. Each call triggers a write to user's
package-restrictions.xml file.

Using scheduleWritePackageRestrictionsLocked should help to reduce the
number of writes during initialization time and reduce creation/switching
time for a new user.

Change-Id: I5bd8609e3a79bdc3f198a169ede8005dc0186612
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b97633c14da555d89dac7eadbf6e351d82281614 09-Dec-2014 Jeff Sharkey <jsharkey@android.com> am 5d662a82: am 2f4ced30: Merge "Consistent result when signatures don\'t match." into lmp-mr1-dev

* commit '5d662a828935399e11723d0a5e7ff31c433e8b39':
Consistent result when signatures don't match.
10bef1d2f444b8ca23ee317d3bcfb586860af18b 09-Dec-2014 Jeff Sharkey <jsharkey@android.com> Consistent result when signatures don't match.

INSTALL_FAILED_UPDATE_INCOMPATIBLE is a better description of the
real underlying cause when signatures don't match.

Bug: 18413784
Change-Id: Ib81591df7d0d79f6725a4fa7300ae4e20958f004
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
11bee890a24b05d099be87b02ea667441e573898 04-Dec-2014 Dianne Hackborn <hackbod@google.com> am 4c4e4686: am 281f36f5: Merge "Fix issue #18607384: Run fstrim after every system update" into lmp-mr1-dev

* commit '4c4e4686d5de3f22cf4d832c63716d9054b9ad54':
Fix issue #18607384: Run fstrim after every system update
8b22252a6cd4e9c8ea9bccaf55fce1940bb63eaa 03-Dec-2014 Dianne Hackborn <hackbod@google.com> Fix issue #18607384: Run fstrim after every system update

Change-Id: I06f4c0b9e6834a8c8bd85710dfd9fa16471b6ad2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
53651b9982f53236b767d766e85ec0ce3acc6f0f 01-Dec-2014 Narayan Kamath <narayan@google.com> am ff45e7df: am 1d184ace: resolved conflicts for merge of 7377998d to lmp-mr1-dev

* commit 'ff45e7df8aae0f55ce719de92102c7d522b62048':
Be increasingly aggressive about fstrim if it isn't being run
48e17629b0b6c89cb77342c0364a1cf3a0b2a0fb 25-Nov-2014 Akira Numata <akira.numata@sonymobile.com> APK still has privileged flag after being moved from "/system/priv-app"

When an app is moved from "/system/priv-app" to another location
during OTA update, the privileged flag should be removed.

(cherry picked from commit 76bf60ead8132b86436ebbba40eaa8f2c8bbe812)

Change-Id: I39feeac7ece89c28045d196ae69fc974b1c6510b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1446c6c6f67d285bd47b878de6326b8e82fafb2b 27-Nov-2014 Jeff Sharkey <jsharkey@android.com> am d76737a7: am b802cd67: Merge "APK still has privileged flag after being moved from "/system/priv-app""

* commit 'd76737a7325bdcd5010f26fd1626628f07070bb9':
APK still has privileged flag after being moved from "/system/priv-app"
1d184acefa7105592134edebf7de4d77843d5791 27-Nov-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 7377998d to lmp-mr1-dev

Change-Id: I21870e241de7d992e97d7b91e0058f85b5a25fbe
06e8c58e7cf84b87613f4c8114ec75db58e32d72 26-Nov-2014 Jeff Sharkey <jsharkey@android.com> am cd5d46ff: am 293f0f38: Merge "package_info GID shouldn\'t have write." into lmp-mr1-dev

* commit 'cd5d46ff81ab652dc9dc9c28d607f536187f3bab':
package_info GID shouldn't have write.
7377998dac67ce8d486e11b9bd2f159fe0ca501d 26-Nov-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of a42f7c1d to lmp-sprout-dev

Change-Id: I8e53c9d7e0014b4ffc621c561b737aa2dae5460c
76bf60ead8132b86436ebbba40eaa8f2c8bbe812 25-Nov-2014 Akira Numata <akira.numata@sonymobile.com> APK still has privileged flag after being moved from "/system/priv-app"

When an app is moved from "/system/priv-app" to another location
during OTA update, the privileged flag should be removed.

Change-Id: I7713382db34697f7b68283dbbbd25a1349cbecdb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7265abe77a76f848a316640b5da106e882bdbc8a 21-Nov-2014 Christopher Tate <ctate@google.com> Be increasingly aggressive about fstrim if it isn't being run

The current heuristics depend on devices being alive at midnight+ in
order to run periodic background fstrim operations. This unfortunately
means that people who routinely turn their devices off overnight wind
up with their devices *never* running fstrim, and this causes major
performance and disk-life problems.

We now backstop this very-friendly schedule with an increasingly
aggressive one. If the device goes a defined time without a background
fstrim, we then force the fstrim at the next reboot. Once the
device hits the midnight+ idle fstrim request time, then we already
aggressively attempt to fstrim at the first available moment
thereafter, even if it's days/weeks later without a reboot.

'Available' here means charging + device idle. If the device never
becomes idle then we can't do much without rendering an in-use device
inoperable for some number of minutes -- but we have no evidence of
devices ever failing to run fstrim due to this usage pattern.

A new Settings.Global element (type 'long', called
"fstrim_mandatory_interval") is the source of the backstop time. If
this element is zero or negative, no mandatory boot-time fstrim will
ever be performed. If the element is not supplied on a given device,
the default backstop is 3 days.

Adds a new string to display in the upgrading dialog when doing
the fstrim. Note it is too late for this to be localized, but since
this operation can take a long time it is probably better to have
it show *something* even if not localized, rather than just sit there.

Bug 18486922

Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
278dfdf73142e72944478e50a3f02d3b5c6fd370 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 117c549b: am 0f667f58: Merge "Ignore spammy package logs when dumping." into lmp-mr1-dev

* commit '117c549b86979d891edfe1d810ac087609928386':
Ignore spammy package logs when dumping.
c02f304c3a1dc45a7e44b9f91b38c62353850d30 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 58b699c3: am 636baa0d: Merge "Introduce revision codes for split APKs." into lmp-mr1-dev

* commit '58b699c366dea7abc26f34c1e5f1cc6031c04e23':
Introduce revision codes for split APKs.
9fafd0c7111f0d0df431f6c0a4f4f5afcdea7b81 25-Nov-2014 Dianne Hackborn <hackbod@google.com> am 608439df: am 5bbb1af7: Merge "Work on issue #18486438: Reduce size of bugreport output" into lmp-mr1-dev

* commit '608439df383b40dc0f808e4992b369debaff29cd':
Work on issue #18486438: Reduce size of bugreport output
aebb65cb687216b9912cf98d24858ffcb3e6f50b 25-Nov-2014 Jeff Sharkey <jsharkey@android.com> package_info GID shouldn't have write.

Fix permissions on packages.list and package-usage.list to only
allow read access from the package_info GID.

Bug: 18473765
Change-Id: I9b9ef13f4a00a8355619bbcdacc836f9abfa0376
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
962bd4a69175077a95bc04bcdcc80ee6cb1034f8 24-Nov-2014 Jeff Sharkey <jsharkey@android.com> Ignore spammy package logs when dumping.

Bug: 18390552
Change-Id: Ie333f57d46d6ab3f4b9daa17f98b1e94a236e959
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
88d2a3c0e1b4a8c53a489db5d627beb80b1b9957 23-Nov-2014 Jeff Sharkey <jsharkey@android.com> Introduce revision codes for split APKs.

Apps delivered as multiple split APKs must have identical package
names, version code, and signatures. However, developers may want
to iterate quickly on a subset of splits without having to increment
the version code, which would require delivery of the entire app.

This change introduces "revision codes" which can vary between
split APKs belonging to the same app. An install is valid as long
as the normal version code is identical across all splits. Splits
can be added/removed to an app over time, but if a split is present
across an upgrade the revision code must not decrease.

Since system apps could have been updated with splits, only revert
to the built-in APKs if the version code is strictly greater than the
data version. Also fix bug to enable inheriting from system apps
when adding splits.

Bug: 18481866
Change-Id: I34d8e14c141a8eb95c33ffe24b4e52d6af5c8260
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d052a9416ae3f7e42fc1e7de0740021df385ee48 22-Nov-2014 Dianne Hackborn <hackbod@google.com> Work on issue #18486438: Reduce size of bugreport output

Reduce how much stuff ProcessStats spews, and do collapsing of
repeated intent filter targets when dumping IntentResolvers.

Also add to pm's checkout output to include shared user ids,
and fix output formatting in a few places.

Change-Id: Ic9fc6731f0439101ba9343535e66cdbbad47e291
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5186c12ec1c95b75d0fef1a38f94483e31aae6f 19-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 40602179: Merge "Default icon is shown after uninstalling updated priv-app"

* commit '4060217905d805897141b028126e0aa51136cf7b':
Default icon is shown after uninstalling updated priv-app
e50bc6fd29dd8bb3291517753aadd2ccec94f24b 10-Mar-2014 Akira Numata <akira.numata@sonymobile.com> Default icon is shown after uninstalling updated priv-app

If updated pre-installed app is moved from "/system/app" to
"/system/priv-app" at FOTA, PackageManager does not update its
resource path correctly. This patch fixes it.

Change-Id: Iac793bcb8fd7c5bfbafd1876640b534c6da5dddf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84998e28584e44f69be06fc9fe7e77df182251eb 14-Nov-2014 Jeff Sharkey <jsharkey@android.com> Merge "Reduce spammy PackageManager critical logs." into lmp-mr1-dev
aea5c6e33d120499799474f28b4f1e475d21990b 14-Nov-2014 Jeff Sharkey <jsharkey@android.com> Reduce spammy PackageManager critical logs.

Bug: 18390552
Change-Id: I66e34e6ebf3f644f8585056b9701b7f4582d777e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
135ae6dc3b667595b4bf2c681e1db95dc657b88f 14-Nov-2014 Craig Mautner <cmautner@google.com> am 33d92c56: Use package name as custom resolver process name

* commit '33d92c56781f6058c9e682737a06c41f3a2d2f3a':
Use package name as custom resolver process name
33d92c56781f6058c9e682737a06c41f3a2d2f3a 14-Nov-2014 Craig Mautner <cmautner@google.com> Use package name as custom resolver process name

The process name was being assigned null. This meant that after the
process attached we weren't matching the name in
ActivityStackSupervisor.attachApplicationLocked(). That meant missing
the call to realStartActivityLocked() and then the resolver didn't
start until window manager timed out and resumeTopActivity was
called five seconds later.

Fixes bug 18301267.

Change-Id: If3721caeebb309c6054150b2f707e3d6e38a74d2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
13cf7917af00f66a2fdd0a9dbfebc680a51ced64 13-Nov-2014 Jeff Sharkey <jsharkey@android.com> Make package verifier broadcasts foreground.

We're using ordered broadcasts (sigh!) for package verification, and
we could be stuck behind dozens of other background broadcasts, so
hoist into foreground queue.

Bug: 18356768
Change-Id: Ib4abf771db0147f8fbd7227f32297602816c84ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
521ca5f8fba355f526e82dc3a8fc6520e4379874 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> am 2e700004: am d68b87cd: Recover apps with malformed certificates.

* commit '2e7000040e3d836bb591e29515974817afc49488':
Recover apps with malformed certificates.
2e7000040e3d836bb591e29515974817afc49488 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> am d68b87cd: Recover apps with malformed certificates.

* commit 'd68b87cdd402d46013170d9316a31c82be4e4816':
Recover apps with malformed certificates.
d68b87cdd402d46013170d9316a31c82be4e4816 12-Nov-2014 Jeff Sharkey <jsharkey@android.com> Recover apps with malformed certificates.

There was a window of time in Lollipop where we persisted certificates
after they had passed through a decode/encode cycle. The well-written
OpenSSL library was liberal when decoding (allowing slightly malformed
certs to be parsed), but then strict when encoding, giving us
different bytes for effectively the same certificate.

A related libcore change (0c990ab4a90b8a5492a67b2b728ac9a4a1ccfa1b)
now returns the original bytes verbatim, fixing both pre-Lollipop
installs and installs after that change.

This change recovers any apps that had been installed during the
window of time described above by doing a one-time check to see if
the certs are effectively equal.

Bug: 18228011
Change-Id: Ib82bd6db718d0490d7a26c9c1014b7c8457a7f2d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ccfe6bd479acc41e018bd38c4021614dc9326fbf 12-Nov-2014 Narayan Kamath <narayan@google.com> Merge "Remove unused local field." into lmp-mr1-dev
fe46f4d90835671c7ddeebb6def1b7198ac41743 10-Nov-2014 Narayan Kamath <narayan@google.com> Remove unused local field.

It's a source of confusion.

bug: 18280671
Change-Id: Ibb387d76e18d71fc9e24afc72d93201a74fc03ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f4d2c8eebd8113482b48e0b8f83deb4b2f1f9b22 07-Nov-2014 Brian Carlstrom <bdc@google.com> Merge "Restore mLazyDexOpt behavior for eng builds" into lmp-mr1-dev
2e594cfe9848b56ad71a6f7bc4de13df7a36511c 29-Oct-2014 Jeff Hao <jeffhao@google.com> Change boot screen title to "Android is starting" when not upgrading.

Bug: 17565501
Bug: 18247218

(cherry picked from commit 9f60c08a446e38f9e2d5271546ef69ca5941eba9)

Change-Id: I1ec32b318b6221277fc3ffbc19966bf3330c2d93
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
939d5c697fdd29ef61a3c02cc60db5da565a31b5 05-Nov-2014 Brian Carlstrom <bdc@google.com> Restore mLazyDexOpt behavior for eng builds

Bug: 17641843
Change-Id: I0869d8718712f22229bb3b9ad95cca2ddd83d3b4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3a1a0bbc3208d8967ed6e462c39d2527028339dc 22-Oct-2014 Nicolas Prevot <nprevot@google.com> Add a cross-profile intent filter only if it wasn't previously added.

BUG: 17996284
Change-Id: I3d087767983928dfb13af9aedb37d29c9940ba36
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9710b04f35efae696c9ee6343671eff3568f5678 30-Oct-2014 Nicolas Prevot <nprevot@google.com> Merge "Schedule to write package restrictions." into lmp-mr1-dev
9f60c08a446e38f9e2d5271546ef69ca5941eba9 29-Oct-2014 Jeff Hao <jeffhao@google.com> Change boot screen title to "Android is starting" when not upgrading.

Bug: 17565501
Change-Id: Id5741e6e7a40750feee1cd7306e79f7baeec67de
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e79553355b10815be2cd44f7b84ae39c91a12bb1 28-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Check upgrade certs before permissions." into lmp-mr1-dev
c28bd3532b8effccc3577f844bc9be55fbd265f3 27-Oct-2014 Jeff Sharkey <jsharkey@android.com> Check upgrade certs before permissions.

We're now checking for permission redefinition early during the
install process, which can result in a confusing error message when
the real problem is a mis-signed app. So do a quick signature
sanity check before checking permissions.

Bug: 18095637
Change-Id: I9a9b48da9c5dc7fb9bde6f3f338ea08e53b6b705
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e67b8d28294d9af440d2ea23f1b2c68dfcba8b1b 27-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Reduce PackageManager RAM usage: ArrayMap/Set." into lmp-mr1-dev
ea72c08c148c602d789d0a85bf56a3eb8cadf149 22-Oct-2014 Nicolas Prevot <nprevot@google.com> Schedule to write package restrictions.

In PackageManagerService, for prefered activities,
persistent preferred activities and cross-profile intent filters:
schedule a write to package restrictions instead of writing the file directly.

Also, do not write all settings when writing package restrictions is enough.

BUG: 17996284

Change-Id: Ic732954f8a66d3aa1f0ca85a10fba290b14e68f4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f837a99d48c5bb8ad7fbc133943e5bf622ce065 24-Oct-2014 Jeff Sharkey <jsharkey@android.com> Reduce PackageManager RAM usage: ArrayMap/Set.

Transition PackageManager internals away from heavier HashMap/HashSet
to use drop-in ArrayMap/ArraySet replacements. Saves ~38% RAM and
thousands of objects on a typical device.

Bug: 18115729
Change-Id: Ie107d2fee4b7baa4e3c3923231b4be877d1a5d2f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7eb599b267d00cbde891c0a87924f2f5086f4497 23-Oct-2014 Jeff Hao <jeffhao@google.com> Get UsageStats if no PackageUsage is available for boot dexopt filtering.

Bug: 17191977
Change-Id: I33e18459e49afa42b8e8218574a2434e5205a6da
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbfbb17512fe6a5b3c7198d60b6a149969174a71 30-Sep-2014 Jeff Hao <jeffhao@google.com> Backport of ordering apps for boot dexopt.

This is a squashed commit of the following changes:

1. Order apps by priority when performing boot dexopt.
(cherry picked from commit 65cde7d42d741c7d9aa2714a397b7333f688ab55)

2. Improve priority ordering of apps when performing boot dexopt.
Added core apps and updated system apps.
(cherry picked from commit 272bf3a274daff62995caf05da338c1f2a73dae3)

3. Stop boot dexopt when low on memory.
(cherry picked from commit 1d892dcb6b0ff3a50cc63e387667dc29baf1014f)

Bug: 17641843
Change-Id: Ie32f1c21047d3462aaf728f7633fecf647ba2b47
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1d892dcb6b0ff3a50cc63e387667dc29baf1014f 10-Oct-2014 Jeff Hao <jeffhao@google.com> Stop boot dexopt when low on memory.

Bug: 17641843
Change-Id: Ie1967fc2cd9bdd258bfee442968f98200edaf62e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
272bf3a274daff62995caf05da338c1f2a73dae3 08-Oct-2014 Jeff Hao <jeffhao@google.com> Improve priority ordering of apps when performing boot dexopt.

Added core apps and updated system apps.

Bug: 17641843
Change-Id: Ia00ea3399cf1e1acaef45ff8df8f754442de5185
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2f577e83cbd5b12e47178a90443390210b446102 06-Oct-2014 Dianne Hackborn <hackbod@google.com> am 90d557b7: am 7f7d240b: Merge "Fix issue #17752399: Multiple apps broken by GET_TASKS permission change" into lmp-dev

* commit '90d557b7a68e64e049a44560b76b959ef87f13d7':
Fix issue #17752399: Multiple apps broken by GET_TASKS permission change
7f7d240b13b96b617e298c6178af0425308f5ef9 06-Oct-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17752399: Multiple apps broken by GET_TASKS permission change" into lmp-dev
ce85d7f44f5c88dcc18a19738bfcd20d9dbb4a78 06-Oct-2014 Jeff Sharkey <jsharkey@android.com> am b03b9759: am 4c880877: Merge "Recover from missing upgrade to system package." into lmp-dev

* commit 'b03b9759d3ec1f3dacde71314795a3451f67fbab':
Recover from missing upgrade to system package.
4c88087776305f54bec0aae59b8e63bc803c1401 06-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Recover from missing upgrade to system package." into lmp-dev
1c133105774835deaa99db78d9668b107246abef 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> Recover from missing upgrade to system package.

When a system app has been upgraded, we mark the built-in version as
disabled, and skip it when parsing built-in apps, since we expect
the userdata version to be scanned a few moments later.

However, in very rare cases we can end up missing the expected
userdata version, and we'd end up dropping the package entirely, even
though we have a built-in version to fall back to. This change
handles that case by rescanning and enabling the built-in version when
the userdata version never materializes.

Also include critical log messages in check-in dumpsys to help track
down how we ended up in this state.

Bug: 17805839
Change-Id: I9971f882f9bb8ab7934c20b04e0b72366c4d04d0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
34f230aa4ad6043d3b0dd0d3942a51624468e81c 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> am c5418198: am 3438bc1b: Merge "Correctly rollback failed system app installs." into lmp-dev

* commit 'c5418198cc270d7e7cf1ed558c683d2794266e97':
Correctly rollback failed system app installs.
3438bc1bfd363e1ee656b33ebc8d0e6744470aec 05-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "Correctly rollback failed system app installs." into lmp-dev
9d35c5dc79650c5e3781af15f8df5b0d8d078306 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> am 4453d585: am 900e3b5f: Merge "More durable logging around system app upgrades." into lmp-dev

* commit '4453d5859005d5bd0da1ebc75fb1a9e5ead35021':
More durable logging around system app upgrades.
914bd793b3415a198d0cb4216ff9da0a184ab803 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> Correctly rollback failed system app installs.

Fix bug where we disabled system app, but never turned it back on
when the scanPackageLI() failed.

Bug: 17805839
Change-Id: I73999263aee703af187afd980fa0d0ce8451cf0c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2d7576b082b84068fb9d68419b710b9bec49139b 04-Oct-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17752399: Multiple apps broken by GET_TASKS permission change

Keep around GET_TASKS as a permission available to apps, so apps still
think they have it and don't get all uppity because they don't.

Add a new REAL_GET_TASKS that is the actual permission now.

Plus some temporary compatibility code until everyone can transition
fromn GET_TASKS to REAL_GET_TASKS.

Change-Id: I12c1102eed24844685dcbd2fa3b612811603958f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
900e3b5fc5bb4bf4947f63c0fed0757dfb7effa6 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> Merge "More durable logging around system app upgrades." into lmp-dev
3933a5dc8c8c04458c5b8c01919d7449c6d00497 04-Oct-2014 Jeff Sharkey <jsharkey@android.com> More durable logging around system app upgrades.

We've been seeing some really funky behavior when upgrading or
downgrading system apps around OTA time. Put more of these one-time
logs into durable storage to help investigate.

Bug: 17805839
Change-Id: If898d7df229c1f71e598b0d965325c272060e5e7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8f5edcb81b5d6708e79c1537e63d59f60de484e 03-Oct-2014 Jeff Hao <jeffhao@google.com> Merge "Order apps by priority when performing boot dexopt." into lmp-mr1-dev
65cde7d42d741c7d9aa2714a397b7333f688ab55 30-Sep-2014 Jeff Hao <jeffhao@google.com> Order apps by priority when performing boot dexopt.

Bug: 17641843
Change-Id: I16997b3b5241521e6bd995f2555864b4605edd17
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d594197868c4a51bb8f8bd62479999debc72bf2a 01-Oct-2014 Jing Ji <a5705c@motorola.com> Allow system app to take ownership of built-in permissions

Previous commit bfed9f34c makes the preloaded system app take
precedence over third-party apps when defining permissions, but
it also makes it be able to override android built-in permissions.

Now allow preloaded system app to take the ownership of built-in
permissions instead of overriding it.

Change-Id: I10d588d0284e4316ea4be552fd6191f33e3c725b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a39871ef5e9bf6703f18af0725484b06f5c78216 29-Sep-2014 Brian Carlstrom <bdc@google.com> Use VMRuntime.isBootClassPathOnDisk

Bug: 17679443
Change-Id: If53c236058a7237d735c2344a715cf0a36301f9b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a2b48057e1a15bc9e88a764cad16cda784dc4c04 26-Sep-2014 Kenny Guy <kennyguy@google.com> Merge "Uninstall for all users should check device admins." into lmp-dev
5dde6e334d06e5c2116b2169d7ad67e95238a6f0 25-Sep-2014 Kenny Guy <kennyguy@google.com> Uninstall for all users should check device admins.

Uninstall for all users should check whether package
is admin for any user not just user 0.

Bug: 17657954
Change-Id: Ia116248b5889fc02dd46816a132e03c8e62662c9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
25e1ecaabbde4741663c8e5a777d9df9b939572c 23-Sep-2014 Dianne Hackborn <hackbod@google.com> Maybe fix issue #17614177 APR: system process restarting due to infinite loop

Also try to get rid of a huge wtf we are seeing across a lot of devices
where we incorrectly change real states on a service that is restarting,
and get rid of one of the noisier boot logs in the package manager.

Change-Id: I2510b6fb082eac3f6168cbd57bc3b70ad006114d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
eae9216770f96a60dd8642ffd127ed998259cd9f 20-Sep-2014 Christopher Tate <ctate@google.com> Logspam is spam

This turns out to happen a lot in normal usage, but we're logging
copiously about it each time. It's reporting "oh hey we're already
in this state" -- and so the log is not useful anyway.

Logspam is spam.

Bug 15169507

Change-Id: Ie2d01ff1b0b3600dd9c15ccf83d60875558f1dc2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bfed9f34c0cf7cdf7d25e6a7677e03f5a3d87e0e 19-Sep-2014 Jeff Sharkey <jsharkey@android.com> Fix bugs when system apps reclaim permissions.

Recently we started letting system apps always take precedence over
third-party apps when defining permissions. This change fixes that
logic to claim the permission immediately, instead of delaying until
after the next reboot. (Permissions are always reevaluated after
each install.)

We also tighten the constraints slightly to prevent two system
apps from fighting over a permission definition; the first system
app to claim the permission wins.

Bug: 17526617
Change-Id: I49686407f5e99322bc511795c653c5d702becd9d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ace27915d2cc5073bcbe9cc151a5c61683bdcd1a 19-Sep-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17564607: Apps in the managed profile can send any intent...

...to the primary user, even if it was not whitelisted to be forwarded.

The path where getActivityInfo is called for the ResolverActivity
would not correctly apply the requested user ID to the result, so
it wouldn't run under the correct user.

Change-Id: I1da47c54bbed26091832a28236d0b06762c92437
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1a526f582b2c97a93324b68ae11492f2e25ab571 17-Sep-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #16662560: SingleTop activity is getting instantiated multiple time" into lmp-dev
7922882189a5c1cc62de7e91b067f90d9a3e2f2b 16-Sep-2014 Dianne Hackborn <hackbod@google.com> Fix issue #16662560: SingleTop activity is getting instantiated multiple time

Introduce a concept of a "root affinity" to a task -- this is the
affinity of the initial activity in the task. Use this instead of
the current affinity in findTaskLocked(), where we look for an
existing task to use for a NEW_TASK intent.

This changes the semantics of the new "relinquish task identity" mode
so that it doesn't relinquish the root affinity of the task. This
means when we are in the old style application-based recents matching
of findTaskLocked(), we will never count these tasks as the same as
the application's tasks only because they have relinquished their
identity to that application. This is probably okay, it is basically
putting a different line between new document-centric recents and
old application-centric recents when they are mixed together.

Change-Id: I73a22ead9bd08e98bf67ad035a017f828c6a6715
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f1317857cdf815b95822db16621a566fb12baf20 16-Sep-2014 Dianne Hackborn <hackbod@google.com> Quick fix issue #17514851: dumpsys package <package-name> includes...

...irrelevant install state at the end

Quick and dirty impl just doesn't print any of that data when filtering
by package name. In the future that part of the dump should be smarter
to know how to filter by package name. (Probably also moved to a place
earlier in the dump, so the key information -- the overall package
data -- is still at the end.)

Change-Id: I094f7c2f25401438a68a6aa00d10b19c19eb7c7d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
71ac935526d29097891664af40c54c96d6de02e6 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Bring install and install-multiple into parity." into lmp-dev
5c0ed94debe51a2954cf9409b5477cfbcc03d7f0 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Consistent clean up of failed installs." into lmp-dev
e980804df16c968c14a56b8853886bf5f049f46e 12-Sep-2014 Jeff Sharkey <jsharkey@android.com> Bring install and install-multiple into parity.

This ensures that both are using (almost) identical logic when
deciding what installs to proceed with. Installs from "pm" for all
users now run as OWNER, and rely solely on INSTALL_ALL_USERS to
express intent. This keeps install session notifications simple.

Since installer UID can vary from installer package name, start
persisting the UID. Also parse some missing flags for install
sessions.

Bug: 17469392
Change-Id: I6d89b1a787aa2024cc4bebf6b9c29317c358e147
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f58e532e015ef31d879ee51aeeb251349784717c 11-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Apply cross-user restrictions to Shell" into lmp-dev
e107c3eb79be40f1071c4370fd9a3f9e4fd6d6de 09-Sep-2014 Adam Connors <adamconnors@google.com> Remove package level intent forwarding.

Clean up unused methods.

Bug: 17389110
Change-Id: I8a80fe3e14219f06572de05c390cdda0efcbf5db
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9b2d26b68347e246e67c588b548e81fca1d29353 11-Sep-2014 Jeff Sharkey <jsharkey@android.com> Consistent clean up of failed installs.

Instead of remembering to add clean-up logic to every install scan
failure case, rely on the fact that we're now throwing for all errors
and use a finally clause to delete data directory when requested.

When clearing data for a package, always try deleting the app data
directories, even if no record of the package exists. This helps
users recover from UID mismatches without resorting to a full data
wipe.

Bug: 17005516
Change-Id: I352863ef4e468c576ecf136549e21cceae2650d5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8cd28b57ed732656d002d97879e15c5695b54fff 09-Jun-2014 Amith Yamasani <yamasani@google.com> Apply cross-user restrictions to Shell

Even though Shell user is allowed to perform cross-user actions,
lock that path down if the target user has restrictions imposed by
the profile owner device admin that prevents access via adb.

If the profile owner has imposed DISALLOW_DEBUGGING_FEATURES, don't
allow the shell user to make the following types of calls:
start activities, make service calls, access content providers,
send broadcasts, block/unblock packages, clear user data, etc.

Bug: 15086577
Change-Id: I9669fc165953076f786ed51cbc17d20d6fa995c3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad5f44a68c70f783fb4be85f089f63bfdd63ec0c 10-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Missing manifest error should be NO_CERTIFICATES." into lmp-dev
bc09755e193c2802d2d88871ac3d1f182b260c30 09-Sep-2014 Jeff Sharkey <jsharkey@android.com> Missing manifest error should be NO_CERTIFICATES.

When META-INF/MANIFEST.MF is missing, treat as NO_CERTIFICATES
instead of CERTIFICATE_ENCODING. Also remove redundant layer of
debugging details when wrapping exceptions.

Bug: 15667982
Change-Id: I6e8216d5bf6e42da1feb70c89f991001380305be
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c788487ae5b28bb6f84410fcdb101f0bdfcd467e 09-Sep-2014 Alexandra Gherghina <alexgherghina@google.com> Removing the NO_CROSS_PROFILE flag for intent forwarding

Bug: 17435289
Change-Id: Iffbecd3cf9338a8633bfcc5bc47247bfc50e7546
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a0c9962388361522257b4ff2f55ac7cea0d559f3 06-Sep-2014 Christopher Tate <ctate@google.com> Merge "Don't crash in addPackageHoldingPermissions()..." into lmp-dev
30f349d2ef3f2220c1d478b0faff4c38eaadf12c 05-Sep-2014 Christopher Tate <ctate@google.com> Don't crash in addPackageHoldingPermissions()...

...in cases involving uninstalled apps, or apps whose install state
varies across different users.

Bug 17398315

Change-Id: I7297d82f8bf5d49c50a7fd53d795a706bf2d2313
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2de4f9f971b0130449ab90305965963f688d1ed3 05-Sep-2014 dcashman <dcashman@google.com> Fix boolean comparison after sig check.

Bug: 17402843
Change-Id: I0cb5ffba1a93f71a250294a41040011234ce1029
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
43a2d06166f9d5aa46371c6496ec99a9fba8df00 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Allow badging updates to install sessions." into lmp-dev
ec9bad2015c6d3bc91bab66f0824043c1e24d013 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Allow badging updates to install sessions.

For the system restore use-case, an installer may need to enqueue
their sessions quickly before badging details, like icons, have been
downloaded. This change relaxes to allow an installer to update
their session badging after the session has been created. Notify
observers when badging changes.

Rename callback registration methods to match style guide. Relax
constraint that observers are home app. Fix bug around internal
progress reporting.

Bug: 17376797, 17389236, 17334199
Change-Id: I5fb88508baea2f08e89a1504fcf5ef972afad4a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
839849111c21e4936fec473ab08e21a12cd36736 05-Sep-2014 Brian Carlstrom <bdc@google.com> Merge "Fix backwards arguments to performDexOpt" into lmp-dev
d382be9b220d8f68d095cd5df56c0b900af44f9a 05-Sep-2014 Brian Carlstrom <bdc@google.com> Fix backwards arguments to performDexOpt

Bug: 16696554
Change-Id: I302f8edc8243d3537afd564599cc798708124dbe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd12f4c9e4985e75b38a8136cf6fdb0a6ce726d6 05-Sep-2014 Jeff Sharkey <jsharkey@android.com> Merge "Hold package cleaning until system is ready." into lmp-dev
7767df3c9c4cffab623f7e9decc99d86d443794e 05-Sep-2014 Amith Yamasani <yamasani@google.com> Merge "Fix crash if package setting is not populated yet" into lmp-dev
43789f56147f7d028a5ca1da3a3332adf7542b28 04-Sep-2014 Amith Yamasani <yamasani@google.com> Fix crash if package setting is not populated yet

Bug: 17388687
Change-Id: I441ec37396a3b725a79b933a182c63fbe52d5646
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
977c5bec526b9e763a8d40b416b1d5e4ea92274a 04-Sep-2014 dcashman <dcashman@google.com> Merge "Add upgrade KeySets check to permission pruning on install." into lmp-dev
ebb42e18e8a9c31c92ef4bca0b38d2447afc5558 04-Sep-2014 Brian Carlstrom <bdc@google.com> Ensure that BackgroundDexOptService can still perform dexopt

Bug: 16696554
Change-Id: Id5877618ec9620112fa31dd69016c060bb26b2a7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
436e264e87dcbcebfd9c123685505ce547744b7f 20-Aug-2014 dcashman <dcashman@google.com> Add upgrade KeySets check to permission pruning on install.

Bug: 16564805
Change-Id: I80393eec3c6e1e861a9ec2ae27fe37027311948d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
230561eef41047f04dac1a10949f4bcb43915017 03-Sep-2014 Brian Carlstrom <bdc@google.com> Restrict lazy dexopt to eng builds only

Bug: 16696554
Change-Id: I56bb63ce534842994a70df6b09843b4e3153c845
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca27d452c14f8a275cf2b7d0e59080690e0dc5c1 02-Sep-2014 Jeff Sharkey <jsharkey@android.com> Hold package cleaning until system is ready.

Package cleaning is going to check things like external storage
state and spin up external services like DCS, so hold it until after
system ready. (There are a handful of cases where we clean packages
during early boot scan.)

Bug: 17152982
Change-Id: I240b1f16679f421d0b416e576ff87713dc01276a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d67a78db88d11a58691082ced6ab6bbc48976188 30-Aug-2014 Christopher Tate <ctate@google.com> Don't rewrite package restrictions unconditionally in findPreferredActivity()

We've been forcing a rewrite of package restrictions when doing preferred-
activity lookups in most cases, even when the lookup was not actually making
any changes to the bookkeeping. Now we only do so when something has
actually changed. Flash drives everywhere rejoice.

Bug 17334180

Change-Id: Id8f20723002b7bbcc1d82ccde55df6ef727b64ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
efb1f36f09cdada7c3b2677e6628492d8f256729 30-Aug-2014 dcashman <dcashman@google.com> Merge "Address KeySet API Review" into lmp-dev
dda003ffa84f986bfaba4344124eafa533f5039d 29-Aug-2014 Amith Yamasani <yamasani@google.com> Clean up apks installed for a removed user

When a user is removed, enumerate through all installed packages
to see if any of them are not installed for any user. Delete the
package if no user has it "installed".

Added a pm option to install an apk for a specific user.

Fixed a crash in UserManagerService when executing the above
cleanup - dying users generate a null UserInfo.

Bug: 15426024
Change-Id: I571decde1ae1c257d0da6db153b896aad6d6bcb4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e545035e0ece992941047d7676a53d090c81448d 29-Aug-2014 Alex Light <allight@google.com> Remove obsolete pruneDexCache

Bug: 16875245

(cherry picked from commit 09107db4916913912e61bfe592643b9c4c50b500)

Change-Id: I06e14c405aa4af295795982c1d236be3cb00e893
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c5212217403696f81d2db220a1d9b22872600275 27-Aug-2014 Jeff Sharkey <jsharkey@android.com> Recreate lib symlink after deleting app data.

Bug: 16739202
Change-Id: Ie8dccf67feaf6dfa474d52a3cda0862b952e6762
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1c9edafef8b3841e3b0017b8f6ef5f46277e8646 27-Aug-2014 Jeff Sharkey <jsharkey@android.com> Clear pending operation flag when move failed.

Bug: 17298448
Change-Id: I7a4af0f31d3909a9bfb5a2dd7d168015786024e3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
264a5f5b34d8c1169e81da4136e263344115e02d 26-Aug-2014 Jeff Sharkey <jsharkey@android.com> Merge "Treat moving app as installing in new location." into lmp-dev
d68f83cc478a8ec501d0a5a08a2a737355bee89a 26-Aug-2014 Calin Juravle <calin@google.com> Merge "Pass vmSafeMode (manifest attribute) to installd." into lmp-dev
381d94b712605112b35d7f70064b0d18bd877877 24-Aug-2014 Jeff Sharkey <jsharkey@android.com> Treat moving app as installing in new location.

Moving apps to/from SD cards has historically been neglected, meaning
it can easily break. This happened most recently for split APKs,
64-bit native code, and multiArch support.

To make this easier to maintain, treat move as a no-op upgrade,
following the inheriting code path that split APKs depends on.

Also clean up scary places where different flavors of flags were
being combined, and remove unused flags. Fix media broadcasts to be
sent based on existing app storage location.

New API to abandon install session without opening it.

Bug: 17158495
Change-Id: Ia33bf8f6fdaae099124dfe534f0e320b37bc8e16
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178 21-Aug-2014 Jeff Sharkey <jsharkey@android.com> Installing splits into ASECs!

Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.

This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.

Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.

Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.

Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
feb193085adbdc379ee70dbb7dc6ae4c9f2971dd 21-Aug-2014 Calin Juravle <calin@google.com> Pass vmSafeMode (manifest attribute) to installd.

The flag is used to enforce --interpret-only flag when running dex2oat.

Bug: 12457423
Change-Id: Ifdafcc1afa32996577fa44c5682eeb58c79772ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bb7b7bea19223c1eba74f525c7fe87ca3911813b 20-Aug-2014 Jeff Sharkey <jsharkey@android.com> More progress towards split APKs in ASECs.

Teach DefaultContainerService to install split APKs, which will be
needed when moving to/from ASECs. Also support forward locking for
testing purposes, even though its deprecated.

Move native library unpacking code to NativeLibraryHelper location
where it can be shared by both DCS and PMS. Also update footprint
calculation logic to mirror the later unpack codepaths.

Immediately persist sealed sessions. When resolving install
locations, prefer location of any existing install of that
package. Lightweight parse requesting certificates now always
verifies that all contents are signed correctly.

Bug: 16514385
Change-Id: Ida1c4eb0f95b065104dd971e19126d4085ebf1f0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
12450c72ebdc695d72b06ddaa8f199d5afe8d525 19-Aug-2014 Esteban Talavera <etalavera@google.com> Merge "Add cross profile intent in order after intent filter resolution" into lmp-dev
54edd1cdc45773dc5c208d9dc4f26b768d200901 18-Aug-2014 Esteban Talavera <etalavera@google.com> Add cross profile intent in order after intent filter resolution

The elements returned by queryIntentActivities must be in order, as specified in the Javadoc. Otherwise the ResolverActivity will incorrectly filter out intents if they follow another intent with lower priority than the ones that will be shown to the user.

Bug: 15906680
Change-Id: I755e05d3017ee124cbae468f51fa86cfdf42b483
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ccc8c29af113b68a337cf4e38fae5d06531b3cf8 19-Aug-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17114392: android.com.phone crashes - PackageManager code" into lmp-dev
4a88bf99851a3db3b629df23b919f2660c492f18 19-Aug-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17114392: android.com.phone crashes - PackageManager code

Change-Id: Ib02119c6f313384a73fa7cb7b2b62dbd716fa6ca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f52233df74bb4a3efa1f7b9107353c841eafc933 18-Aug-2014 Nicolas Prevot <nprevot@google.com> Merge "When forwarding intents, ignoring the package set in the intent." into lmp-dev
57137289a2798b8c19f1e9f16bd3f0a71f1b916a 18-Aug-2014 Dianne Hackborn <hackbod@google.com> Merge "Fix issue #17082301: replacePreferredActivity is ignoring userId" into lmp-dev
f2ac2761276e4972f6463d6818c9f5798bdc9a4d 16-Aug-2014 Dianne Hackborn <hackbod@google.com> Fix issue #17082301: replacePreferredActivity is ignoring userId

It was being given the argument and just... ignoring it.

But the bulk of this change is to make replacePreferredActivity
better about replacing -- it now detects if the request will not
make a change and, in that case, just do nothing.

The reason for this?

It turns out that each time you install an app, the telephony
system is calling this function over 20 times to set the default
SMS app. This is almost always doing nothing, but before this
change it means we would re-write packages.xml over 20 times...!

There are definitely more improvements that can be made here (delaying
write of packages.xml to allow them to batch together, reducing
the amount of calls being made), but until then this is a big
improvement.

Change-Id: I02c4235b8ecd5c13ef53e65d13c7dc2223719cec
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
742e790294b3441b79f715fe447069b63c6065db 17-Aug-2014 Jeff Sharkey <jsharkey@android.com> Progress towards staging ASECs.

Move location selection logic into shared PackageHelper location,
and share it between DCS and PackageInstaller. Fix bugs related to
installed footprint calculation; always count unpacked native libs.

Have PMS do its own threshold checking, since it's fine to stat
devices. PMS only ever deleted staging ASECs, so move that logic
into installer and nuke unclaimed staging ASECs. Allocate legacy
ASEC names using PackageInstaller to make sure they don't conflict
with sessions.

Start wiring up session to allocate ASEC and pass through staged
container for installation.

Fix bug to actually delete invalid cluster-style installs.

Bug: 16514385
Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3e3b251f46f6ec46a41d42eb7c36a6268096c70d 16-Aug-2014 Jeff Sharkey <jsharkey@android.com> Merge "PackageInstaller API refactoring." into lmp-dev
a0907436c01fd8c545a6b5c7b28bc3bc9db59270 15-Aug-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller API refactoring.

Switch to using IntentSender for results to give installers easier
lifecycle management. Move param and info objects to inner classes.

Bug: 17008440
Change-Id: I944cfc580325ccc07acf22e0c681a5542d6abc43
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
376e4ba96222163be1f1cf409dc697550be4a285 14-Aug-2014 Nicolas Prevot <nprevot@google.com> When forwarding intents, ignoring the package set in the intent.

Apps should not be allowed to target a specific package in the target user.

BUG: 17025506

Change-Id: I81afa2f8d0a1114d91c001e357366792c63b6577
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c6f22499f3046684d7175e10ca42cce1492cd36f 14-Aug-2014 dcashman <dcashman@google.com> Address KeySet API Review

Hide KeySet API. Change getKeySetByAlias to not require aliases from the calling
package. Make KeySet parcelable. Add hashCode method.

Bug: 16895228
Bug: 17009318
Change-Id: I75951947dfc7a3cca9f8873bda72576d11abaaf0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
29564cd24589867f653cd22cabbaac6493cfc530 07-Aug-2014 Narayan Kamath <narayan@google.com> Remove system_server classes from the boot image.

We set the system_server classpath in the environment
(like we do with BOOTCLASSPATH). After the zygote forks
the system_server, we dexopt the classpath (if needed)
and then launch the system server with the correct
PathClassLoader. This needed several small / medium
refactorings :

- The logic for connecting to installd is now in a separate
class and belongs in the system_server.
- SystemService / SystemServiceManager have now moved to
classes.jar. They are only used from there, and since they
use Class.forName, we want them to be loaded by the
system_server classloader, and not the bootclassloader.
- BootReceiver now moves to frameworks.jar, because it is
used by ActivityThread and friends.

bug: 16555230

Change-Id: Ic84f0b2baf611eeedff6d123cb7191bb0259e600
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4903f64ba2478849e6c401f42f5a77c1d4f9f7df 11-Aug-2014 Narayan Kamath <narayan@google.com> Persist the cpuAbiOverride setting.

If an app is installed with an ABI override (adb install -r --abi)
we should remember this so that we don't revert to the scan derived
ABI on the next reboot.

bug: 16476618

Change-Id: I6085bc0099eb613dd9d3b07113c7c13859780697
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20200849d1dd6ac5e52b3d18ced2d9becb5ff229 11-Aug-2014 Narayan Kamath <narayan@google.com> Fix a couple of PM warnings.

- "Could not delete native binary" : This one is a bit of
a WTF. git history tells us this code has been around for
a very long time (the warning's new though). It's a no-op
because codePath always contains the *current* codePath and
trying to remove native libs from the current codePath will
do nothing for bundled apps. This code sounds like it wants
to delete dangling native binaries for system apps that were
upgraded during an OTA. This sounds like a wrong place to do
that, though.

- "Unrecognized code path" : This one's harmless and removed
by moving this call closer to where it's used.

bug: 16823001

Change-Id: I9b40ae507b2c80ff3fdd45d5699df62bfc86514f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7c97bbc39f0b748e413de3cd0b0f0c995a2af0ce 12-Aug-2014 Alexandra Gherghina <alexgherghina@google.com> Bugfix: adds extra null check

Bug: 16976436
Change-Id: Id51fd3125b4e68ff7c0ec37ec031fcb8ff882ed4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fb2c4d18613efb8197c6b6abcac262b7220b7231 10-Aug-2014 Jeff Sharkey <jsharkey@android.com> GID-based permissions are defined by "android".

This matches all other permissions defined by framework-res.apk,
instead of leaving it null.

Bug: 16907551
Change-Id: I7e2d671443d987906b2f29aa1579bef6380e8a52
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
05e8f801b54d43ae43f86a310217ec6f931b5738 08-Aug-2014 Narayan Kamath <narayan@google.com> Reduce the frequency of calls to isDexOptNeededInternal.

The package manager maintains a set of dexopted instruction
sets as a fast path to avoid calling expensive code. We were
correctly adding elements to that list while performing dexopt,
but were *not* adding elements to the list when isDexOptNeededInternal
told us things were up to date. As a result, we'd hit the slow path
100% of the time on userdebug builds in the steady state, i.e, when
the system did not dexopt anything since boot.

With this change, we make sure isDexOptNeededInternal is called
precisely once per boot in such case.

This patch also fixes broken logic for apps that have multiple
code paths. We must mark the paths as dexopted only if we've
processed all paths.

bug: 16828525
bug: 16868741
Change-Id: Icb59121fe915d892e677d9b7e9a4efd11555ae27
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8ad7f2051d722b5a92f0ee0ab46622744b4289ef 04-Aug-2014 Calin Juravle <calin@google.com> Use native ISA for dex code (in case there's a NativeBridge)

In the presence of a native bridge it is more efficient to compile the
dex directly to the native ISA than to use the shared library ISA as a
reference.

This can be achieve by configuring the readonly system properties to map
between the .so ISA and the desired dex code .ISA (e.g.
ro.dalvik.vm.isa.ISA1=ISA2).

Bug: 16185267

(cherry picked from commit I50baa7b37e1465b9adf72d6f6b96f526a08d59c7)
(cherry picked from commit I8fe453a800812e382e8f41b5f7922997aa9c18a9)

Change-Id: I6c9684149691285310c961189b58af8c7f47aff4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6c0b9da65e36543bb50833d1b54ca532d0bd3aab 08-Aug-2014 Jeff Sharkey <jsharkey@android.com> Handle null IPackageDeleteObserver.

Bug: 16862614
Change-Id: I0c197a994b89d49123027f24fe46827c2b994ab6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7328a1b39b3dae1c0cd390c0a3695c6a46b8e9d8 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Logic to confirm permissions on install sessions.

When an app without INSTALL permission attempts to commit a session,
we involve user to confirm permissions. We currently point at the
base APK, which defines all permissions for an app, handling the case
where a session may only be adding splits.

Add failure codes to represent rejection. Fix bug by ignoring stages
during initial boot scan.

Bug: 16515814
Change-Id: I702bb72445216817bcc62b79c83980c1c2bb0120
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a25dc2bbe70b7449dc57e9619778ba592c198003 05-Aug-2014 Alex Light <allight@google.com> resolved conflicts for merge of 37651b60 to lmp-dev-plus-aosp

Change-Id: I1fe0e64d2069b7424014bd3ff0bf6f80b439220d
(cherry picked from commit 1faf2d0d25550dc759481fd523456711808e8251)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fbd0e9fa37fc17ccd25e4c1f16195bbd27de3c4c 07-Aug-2014 Jeff Sharkey <jsharkey@android.com> Surface user action events when un/installing.

This will be used shortly to connect up with permissions
confirmation UI.

Bug: 16515814
Change-Id: If28cecc28549900d960ac107a1fba0b10ce5bd7b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e41ce995a0c2c6b167ed64b51e34865c5d58ea4d 29-Jul-2014 Alexandra Gherghina <alexgherghina@google.com> Add hidden API for removing cross-profile package filters

Bug: 16646591
Change-Id: Iaf6837fe4390ac1018c49df366ea434776ed7244
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f17e498fea935a389d88193dde2d236ea674d10b 06-Aug-2014 Amith Yamasani <yamasani@google.com> Merge "Allow phone UID to export singleton providers" into lmp-dev
41c1ded7f042a4cf303479550b38fa66d7a18906 05-Aug-2014 Amith Yamasani <yamasani@google.com> Allow phone UID to export singleton providers

Also add a user variant of replacePreferredActivity for use
by SmsApplication.

Map user restrictions for SMS/MMS to AppOps perms.

Bug: 16681533
Change-Id: I3dfed5fc754e33bb51c6f571851653a7c2770e46
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
73140e4df9ed9cfcc897f5cd0742b81d9839d4d4 31-Jul-2014 Christopher Tate <ctate@google.com> Attempt install-time restore even for no-agent apps

Packages without their own backup agents can still have restorable
data to be delivered. Correct the logic for attempting a restore
at install time so that it no longer requires an app-defined backup
agent.

Bug 16688665

Change-Id: I7dcf7ef85ad6b5b393a2c97ce62f1b2eec9d3520
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
43327a61eb57839429fbb064f4166a858788779c 28-Jul-2014 Narayan Kamath <narayan@google.com> Fix regression in renderscript detection.

We must persist the selected (32 bit) ABI for legacy
renderscript apps so that we can launch them correctly.

bug: 16569287

Change-Id: I944acd0cf56ddb1f27337e01bca1b24cd369eb8f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
3f7777fa4f1d392e18bad39edcd4539880c52ff9 24-Jul-2014 Nicolas Prevot <nprevot@google.com> Storing the app who sets a CrossProfileIntentFilter.

When we add a CrossProfileIntentFilter, we store the package and userId of the calling app
inside the CrossProfileIntentFilter.
When an app calls clearCrossProfileIntentFilters, we only remove the filters that the calling app
has set itself.

BUG: 16537557

Change-Id: I6e7bc859383ea66553d9f4230365df8ba27525f3
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
20e0c50f601e5930a246d4556118423a49c12ca1 25-Jul-2014 Jeff Sharkey <jsharkey@android.com> Offer force-dex-opt when running as root.

Recently we removed the PackageManager inotify triggers, meaning the
only supported ways of installing apps were:

-- adb install -r Foo.apk
-- adb shell stop && adb sync && adb shell start

Iterating on most system apps (like Settings) can use the first
approach, but it doesn't work for "persistent" processes like
SystemUI. (ActivityManager is very particular about how it deals
with persistent apps, and it always sticks with the first
ApplicationInfo found at boot.)

So to enable rapid iteration on persistent apps, we now offer the
one missing piece of forcing a dexopt with a new pm force-dex-opt
command only available to -eng or -userdebug builds. Typical use
for iterating on persistent apps now looks like this:

$ mmm frameworks/base/packages/SystemUI/ && adb sync &&
adb shell pm force-dex-opt com.android.systemui &&
adb shell kill `pid systemui`

Yay!

Change-Id: I0ae2467f1d7cda56c70ba20953cd25fa8ee766ff
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
16c8e3f49497b6046972ae650772f65768366be8 25-Jul-2014 Jeff Sharkey <jsharkey@android.com> PackageInstaller changes based on feedback.

Mostly cosmetic changes from API council feedback.

Bug: 16543552
Change-Id: Ic926829b3f77c31f50a899c59b779353daf00d59
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
340ca8b7e81afe891b2d76a08e406eafc63c4fc8 23-Jul-2014 Narayan Kamath <narayan@google.com> Handle apps that share a UID with the system_server correctly.

The system process does not explicitly declare any ABI, or
package any native code that it depends on but its ABI is
dictated by the zygote configuration. We need to account for
it correctly to have apps that share a UID with it work
correctly.

bug: 16317188

Change-Id: I84713c64409d7fdcc314114231e87a9263d5c5e7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
045e648980e66a19f7021116020e733814ac8019 23-Jul-2014 Narayan Kamath <narayan@google.com> Handle renderscript apps in the system partition correctly.

Get rid of various pointless calls to setBundledAppAbisAndRoots.
This method should only need to be called during scanPackageLI.

There's no other good reason to call it.

bug: 16484595
Change-Id: I2830b140058f0fffdbedb51d673e514852854626
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84e71d1d61c53cd947becc7879e05947be681103 23-Jul-2014 Jeff Sharkey <jsharkey@android.com> Remove APK observers.

Most app installations have migrated to the new cluster-style layout
where each app is placed in a unique directory. There are now two
general issues with these observers:

We can't know when a push/sync has finished delivering all splits
for an app. Also, inotify isn't recursive, so we'd have to manage
watches for each app directory.

Change-Id: I3770fa9059ddf80f933a3804714f2e52591fce49
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
33f5ddd1bea21296938f2cba196f95d223aa247c 22-Jul-2014 Dianne Hackborn <hackbod@google.com> Add permissions associated with app ops.

Change-Id: I575ad7a3ceea59486ca601f69760b14f6269511d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e5bcff624fb58b6f95be8ddff7f5b6b3bf5d19c7 20-Jul-2014 Amith Yamasani <yamasani@google.com> Rename setApplicationBlocked to setApplicationHidden

This corrects the expected behavior of the app state. Hidden apps
can be installed by the store to be brought out of hidden state.

Bug: 16191518
Change-Id: Id128ce971ceee99ba1dea14ba07ce03bd8d77335
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
603862517569cbebed9a7bd231c3fb80292d4bcd 21-Jul-2014 Jeff Sharkey <jsharkey@android.com> Detect bundled app ABI for cluster-style layout.

Now that build system switched to cluster-style layout for bundled
apps, we need to detect primary/secondary ABI based on that layout.

Bug: 16456263
Change-Id: If6daf60ee1815bb6fde560a0c373b4f2bc8bd3a8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1e9189a276e967a7a74ff44a44cf627764396954 17-Jul-2014 Jeff Sharkey <jsharkey@android.com> Support cluster-style installs for bundled apps.

Bug: 16319961
Change-Id: I499b904dfd56f236a1b574c29a44272ed814be0f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9a445771f57dd15b06db0dbefd66c368d84eec2d 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Install sessions only inherit APK files.

Also track historical install sessions for debugging purposes. Hide
signature verification API for now. Clear code cache only after
killing the app being upgraded.

Bug: 14975160
Change-Id: I52fc7f11d2506f792236d8a365c8cfed21b46c30
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2053168eb4506e2f8795afdbe9731c6451e1589c 14-Jul-2014 Narayan Kamath <narayan@google.com> Dexopt for Context.createPackageContext when code is included.

The package manager now keeps track of per ISA dex-opt state.

There are two important things to keep in mind here :

- dexopt can potentially be very slow. In cases where the target
package hasn't been dexopted yet, this can take multiple seconds
and may cause an ANR in the caller if the context is being
created from the main thread.
- We will need to remove the constraint that dexopt can only be
requested by the system (or root). Apps will implicitly be
requesting dexopt by asking for package contexts with code included.
It's important to note that unlike dalvik, the dexopt stage in ART
isn't optional. ART cannot load classes directly from dex files.

bug: 15313272
Change-Id: I0bd6c323a9c1f62f1c08f6292b7f0f7f08942726
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8723bd3d68fc62134729a767ffead821add128e 16-Jul-2014 Narayan Kamath <narayan@google.com> Merge "Adjust nativeLibraryDir for package contexts of multiArch installs." into lmp-dev
7dba6eb3ac4fd6c8195cb0d0425866de50a9e114 16-Jul-2014 Narayan Kamath <narayan@google.com> Adjust nativeLibraryDir for package contexts of multiArch installs.

When we're creating a package context for a multi-arch app,
adjust the native library directory to match the bitness of
the process creating the context.

This change also removes apkRoot (which wasn't really being used)
and replaces it with a fully constructed secondary library path.
The secondary library path is a transitional measure until we
can reorganize the system image so that we can use nativeLibraryRoot
for system paths as well (nativeLibraryRootRequiresIsa will then
be true for all packages except for legacy installs).

bug: 16013931

Change-Id: I5ae090334b377b9e087aecf40075fab81b20b132
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5fcaa0c6705ae42be8ff507b362fb8e2393a606a 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Clearing "cache" shouldn't include "code cache."" into lmp-dev
78f3cf971b33aa5788f59234fbf3b93b0d0197ec 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Clearing "cache" shouldn't include "code cache."

Bug: 16187224
Change-Id: I075b651d1ff89d4f0232497d28a6b11270cba4d9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ed745d359ada6986ac15d8718452e5c55f40170 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Add code cache directory for apps.

This provides a directory where apps can cache compiled or optimized
code generated at runtime. The platform will delete all files in
this location on both app and platform upgrade.

Bug: 16187224
Change-Id: I641b21d841c436247f35ff235317e3a4ba520441
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
78a130144bdd047665f00782c481d31edb3e5fb7 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Mark resource-only splits as hasCode=false.

PackageManagerService now skips dexopt for split APKs that don't
declare they have code. Also surface more detailed error messages
in logs.

Bug: 14975160
Change-Id: Ie6078dba724815020cee59b7fc52317e88ca097a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
da96e137bcc8191c584ada7b5de31eaae92f244f 15-Jul-2014 Jeff Sharkey <jsharkey@android.com> Parse more split APK manifest details.

Allow split APKs to define activities, services, receivers,
providers, and metadata. However, support for many manifest items
are explicitly omitted.

Only dexopt split APKs that include code.

Bug: 14975160
Change-Id: I2fbf99e2a62328aa2185e5924755af33060282fc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d0a2de06a7fb4daaf91a75e9e04a2cb54ebc6fba 16-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Add code cache directory for apps." into lmp-dev
61e9bf246f3eacf1b11305eb86a8cb2a217adc5c 16-Jul-2014 Narayan Kamath <narayan@google.com> Fix install --abi for apps with no native code.

We will need to record the overriden ABI in the package
settings (and applicationInfo) so that we launch the app
with it.

Change-Id: Ib71aae69d006a4b0e85e7101c0e0cebf1a950997
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
377ea31c43afe02d452fe462b2b09f23e58d6347 15-Jul-2014 Narayan Kamath <narayan@google.com> Don't throw errors on sharedUid adjustment.

Given that this is "best effort" anyway, stop short of
aborting installs when ABIs can't be adjusted. Otherwise
it will be impossible to test or upgrade an APP that has
a shared UID and changes ABIs. All apps that use a given
sharedUid are expected to use the same instruction set.

Change-Id: Ia9ffd1eb2df7c6ec9a39b23fc40e58794c013749
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f5f1828d968e427b95fe219af022434f1cdfaeb4 15-Jul-2014 Narayan Kamath <narayan@google.com> Fix multiArch installs where only some archs are available.

In this case, NO_MATCHING_ABIS shouldn't result in a failure
when we're trying to match against one of SUPPORTED_32_BIT_ABIS
or SUPPORTED_64_BIT_ABIS.

There shouldn't be a general requirement that packages must
contain both 32 and 64 bit libs because it might legitimately
exclude one or the other for reasons such as compatibility
etc.

bug: 16299358

Change-Id: I5f66b0a54b63b93b36371b584e9cf6bed07c507a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
9f92ffa9278db42655b4d422d887eed0a199886b 14-Jul-2014 dcashman <dcashman@google.com> Merge "Initial KeySet API." into lmp-dev
9d2f441f9bb2c8dcac1150e2cba1d15a86a4efb1 09-Jun-2014 dcashman <dcashman@google.com> Initial KeySet API.

Previously submitted but reverted due to doc-compilation bug.

Bug: 6967056
Change-Id: I9bd7ef299a4c92c4b327f5b5d7e951f0753b4c8a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ad11eb52fe62b6696df2194cb9e176f7d799e844 14-Jul-2014 Jeff Sharkey <jsharkey@android.com> Pass install result message; path selection.

Oops, forgot to include message argument to invoke the new-style
callback. Also use more robust way of generating cluster APK
directory names, and add more logging details on rename failure.

Change-Id: Ifa8abdd1db58b73e13b9a8077ec126cf20a0d90e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a10311434778ea1be1621c2251c0c8c2966f337b 13-Jul-2014 Jeff Sharkey <jsharkey@android.com> Package installation listener events.

Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.

Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.

Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e0b0bef75b66f0a87039c8f58c17b1596a2baebe 13-Jul-2014 Jeff Sharkey <jsharkey@android.com> Surface detailed error messages from PMS.

We now both log detailed error messages and relay them back to any
observer. Start refactoring PMS to throw when errors are encountered
internally to make it easier to reason about flow control; already
uncovered a few instances of errors being silently ignored!

Change-Id: Ia335c5e31bd10243d52fd735c513ca828e83dca0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5de7377feca5242fe7127e2d4dc7792d4886d365 12-Jul-2014 dcashman <dcashman@google.com> Revert "Initial KeySet API."

This reverts commit 9a643fe02bc960e266484547dda5572b094a4c72.
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
405912bce074e9e59a246e2357a108e50dffabf8 09-Jun-2014 dcashman <dcashman@google.com> Initial KeySet API.

Bug: 6967056
Change-Id: I47a01bd5dc25591cc70f58f38920ad0a021094ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d79fdf1c62671abac376c71aca8fa19484a1ecf2 21-Jun-2014 dcashman <dcashman@google.com> Remove KeySetManagerService lock.

The KeySetManagerService is a part of the PackageManagerService, which is
responsible for maintaining the association between packages, keysets and
public keys. This information is a critical component of the
PackageManagerService data, and should require the holding of the
PackageManagerService's lock. Remove the existing KeySetManagerService lock
and require the mPackages lock to be held instead.

Bug: 6967056
Change-Id: I803f8388e42469d30562b40212cf497320851268
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
bb580670350b76fa2fcc5ee873f99b7970759cbf 10-Jul-2014 Jeff Sharkey <jsharkey@android.com> Progress toward installer public API: callbacks.

Instead of surfacing all the existing cryptic error codes, we're
going to classify them into broad categories when surfacing through
public API. This change introduces InstallResultCallback and
UninstallResultCallback, and wires them up to existing AIDL
interfaces.

Also start defining general SessionObserver for apps interested
in general progress details, such as Launcher apps. Details about
active sessions are returned through new InstallSessionInfo objects.

Bug: 14975160
Change-Id: I068e2b0c30135f6340f59ae0fff93c321047f8f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
398b6c26c3c46724e4c44b81d9a2541720f8750b 11-Jul-2014 Narayan Kamath <narayan@google.com> Fix an abi <-> instructionSet mixup.

We should be calling is64BitInstructionSet and
not is64BitAbi.

Change-Id: I5b099af19f1d7409f65f63493d3f13a830f4fb5d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fd12a35dfc5fa30d8221ed6214f8df1f04e569ef 11-Jul-2014 Narayan Kamath <narayan@google.com> Fix broken dexopt logic.

The logic was incorrect in the presence of multiple paths
(cluster installs) or multiple instruction sets (multi arch)
because of an early return in the case of sucessful dexopt.

- Rewrite this logic to make it (hopefully) clearer.
- Fix a related bug in getAppDexInstructionSets.
- Add instruction set to the dexopt logs.

bug: 16013931
Change-Id: I18c9755583f0a6f8be70469ec2062269564f0f41
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8219a25e31b52c701e45ebae82219c64ea18134b 11-Jul-2014 Kenny Guy <kennyguy@google.com> Merge "Enforce block uninstall in PackageManager"
ad8dff5b1343fa8246674c240d9dd95346f6f802 11-Jul-2014 Narayan Kamath <narayan@google.com> Use the correct ABI list while copying native libs.

copyNativeBinariesIfNeededLI returns an index into the list
it was handed, so using Build.SUPPORTED_ABIS here is incorrect.

bug: 16013931

Change-Id: I35e0dad4b5e0c1dc1199f381d8b99cd228719092
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
84f1294a958b42000755dc6570e3eda72ab42140 11-Jul-2014 Jeff Sharkey <jsharkey@android.com> Always derive native library paths at runtime.

Over time, we've unpacked native libraries at various places with
respect to their source APK. Persisting this path in PackageSettings
has caused more pain recently with the switch to supporting multiArch
and cluster installs.

This change switches us to always derive the native library paths at
runtime based on the type of install. This also ensures that
transitioning between a bundled system app and an upgraded system
app will always build the right path.

We still persist the last generated path into PackageSettings to make
cleanup at uninstall time easier.

Bug: 16208505, 16206748, 16212206
Change-Id: Ieb82a424ca4a92b5674983453c50ba4b695abfb0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
989eb371bf8f572fed1e65c6d8aeeb2548be89a7 17-Jun-2014 dcashman <dcashman@google.com> Change key-set/public-key manifest relationship.

Separate definition of public keys and keysets in the manifest to better
represent their relationship. The 'key-set' tags should have nested additional
'public-key' tags that indicate which of the defined 'public-key' tags are
associated with them. The first use of a given 'public-key' name should define
its value; subsequent uses may refer to it only by name. 'key-set' and
'public-key' names may not intersect.

Also, change 'keys' tag to 'key-sets' to avoid issues with previous keysets
implementation.

Bug: 6967056
Change-Id: I7534e4a42326e97b67b55509187c0d3c21a2bb32
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1b88da54a684cf12f36b74bbc7c9548f35180fbe 10-Jul-2014 Kenny Guy <kennyguy@google.com> Enforce block uninstall in PackageManager

Bug: 14127299
Change-Id: I144233b97e5774f6a5d1d2b49f3f0f8a360557ac
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aef5fcdcb5ff13cbdc64f18b315750b8a9a7fe3e 10-Jul-2014 Narayan Kamath <narayan@google.com> Don't assume all system apps are bundled.

Calling setBundledAppAbisAndRoots will end up
setting a path that points to /system/ if it's called
on a system app that was subsequently updated.

bug: 16208505

Change-Id: I0bf85e0341029b3d4d209a402d30c2ce357daaf2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ff110bd61a69f7ed8602ae14b27f7befec76b2e7 04-Jul-2014 Narayan Kamath <narayan@google.com> Multi-arch application installs.

Each application now has two ABIs, the primary
and the secondary. The app is always launched with
the primary, but the secondary might be used by other apps
that load the given applications code. This implies we
must:

- dex2oat the app both ways.
- extract shared libraries for both abis.

The former is relatively straightforward but the latter
requires us to change the layout for shared libs that we
unpack from applications. The bulk of this change deals
with the latter.

This change continues to fill in nativeLibraryPath during
scans for backwards compatibility. This will be removed in
a future patch.

Change-Id: Ia943dd11ef815c5cbfc60f17929eaa2a652a385a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ec55ef0934b8e0d1bb705434947de817f7be57f1 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Extend pm to support sessions and split APKs.

Separate commands to create an install session, stream files into the
staging area, and then commit the install. Streaming can accept data
from stdin across adb, avoiding extra copy from push.

Extend FileBridge to support blocking close(). Always destroy
session regardless of result.

Bug: 14975160
Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbbf07a5c7f514f2168f236e1df3b2ca70d4ab2f 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Upgraded system apps could be mono or cluster.

Derive old-style paths for monolithic installations, otherwise
assume cluster installation.

Bug: 16163776
Change-Id: I03f1a12f9c07f6177a5c09be2bfe967416c07652
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
284d0906cde8922983f35edaac79900806026d82 09-Jul-2014 Robin Lee <rgl@google.com> am 06505d23: am 1f0180bf: am 74803e55: Merge "Make misc config directory during user creation"

* commit '06505d234ddf66cb71d1f7defd096bdf68bc222d':
Make misc config directory during user creation
06505d234ddf66cb71d1f7defd096bdf68bc222d 09-Jul-2014 Robin Lee <rgl@google.com> am 1f0180bf: am 74803e55: Merge "Make misc config directory during user creation"

* commit '1f0180bfa877373b239a5675f715288db829fa75':
Make misc config directory during user creation
5e6643c1376130e402d30da647fdfebd86b7f2fc 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Clean up IPackageManager install surface area."
513a074de68a4772a9900e90f38e74ff92c15e7c 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Clean up IPackageManager install surface area.

Also more removal of encryption support.

Change-Id: If525dc5a8422134515f225a8ac4731e968069468
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8d479b0c2ddb150182bcf510876a240cb869661b 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Derive library path for upgraded system apps.

Bug: 16156270
Change-Id: I368433063ff33d15129c8076ddc6f1e2a0963e54
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
65b1a7c0ba4213d625b1cb36d1405cf8767310d4 08-Jul-2014 Jeff Sharkey <jsharkey@android.com> Offer to scan cluster packages at boot.

Bug: 14975160
Change-Id: Ib637f68354b3d4ce4b5b23d875d8e94ccd497fd2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d746057f2414cba2bdc69257cc5be8cb681bb592 07-Jul-2014 Jeff Sharkey <jsharkey@android.com> Change new file installs to be cluster-based!

Now that all the other pieces are in place, we're ready to start
installing new file-based packages as a cluster (the new unified
directory-based layout). This greatly simplifies the renaming
process.

Also add helper methods to ApplicationInfo to give a much clearer
mapping between it and internal field names, since we can't change
the public API.

Add recursive restorecon().

Bug: 14975160
Change-Id: I72a63c5ddbc594c2fec4a91dd59f73ef253fbfd7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ec2023349f19b2fd2461aa3c9b208eb799a662e 09-Jul-2014 Jeff Sharkey <jsharkey@android.com> Merge "Derive library path for upgraded system apps."
539a7ef5c93b3a4d6ad7db0d278b1aa5814c0393 07-Jul-2014 Alexandra Gherghina <alexgherghina@google.com> Removes cross profile package information when removing an user

This makes sure that if the user id gets reassigned without restarting the phone,
we do not have old information from the preexisting profile.

Also renames method which needs write locks.

Bug: 15928463
Change-Id: I30b0f85cf90d3e0c289a37bcbaec8da63499a170
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b5afefbd0770a9af9e1b8a8b9d01a26e2f0338a7 04-Jul-2014 Nicolas Prevot <nprevot@google.com> Fixing bug when checking that the target user can handle the intent.

BUG: 16079965
Change-Id: Iac61d1c20f5b66b3f3016b82bc4e48d7997ea1a0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be520fba1e45c77ca20eb66005a0cf19e10939a1 05-Jul-2014 Jeff Sharkey <jsharkey@android.com> Teach DCS about cluster packages.

For the time being, DCS is going to still be doing heavy lifting for
some install tasks, so it need to know how to handle both monolithic
and cluster packages. This change is mostly plumbing work to
eventually handle any various splits APKs that we may encounter.

Bug: 14975160
Change-Id: I39848d5666f9083cb4eca493e5cdaa868f3f99fb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0c54798aac8a86fed24b14a66f09797d58ad0399 06-Jul-2014 Jeff Sharkey <jsharkey@android.com> Start removing ContainerEncryptionParams.

The new PackageInstallerSession APIs will allow installers to deliver
bits directly into system protected storage, so we no longer need
encrypted containers.

Change-Id: I8b598cb149b7dfd1d41e6626c1359610a573edf1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
73767b9d607d99b3a027619b5c6b7f1a09b7673d 05-Jul-2014 Jeff Sharkey <jsharkey@android.com> Extract native code from split APKs.

In the new split APK world, multiple APKs work together to define a
single package. This means that native code may be split among those
APKs. To handle this, extend NativeLibraryHelper to examine all
APKs in a package ordered by splitName.

A package has valid native code as long as one matching ABI is found
inside. The "best" ABI found across all APKs is picked for the
entire package. No attempt is made to ensure that every native
library defined is available for the picked ABI; that's the
responsibility of the installer.

Re-introduce PackageLite to represent a lightweight parsing of an
entire package, which may be a single monolithic APK or a cluster
of one or more APKs.

Remove native code extraction from InstallerSession, since it'll be
handled inside PMS for this release.

Bug: 14975160
Change-Id: I4f4db0f82e88a46101c7777499ebc0a11fd911f9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c13053bf1c05b980421611487ce67677c08db299 29-May-2014 Kenny Guy <kennyguy@google.com> Add package state to block uninstall.

Add package state to allow profile or device
owners to block uninstall of packages.
Add API to DevicePolicyManager to set/get the
state.

Bug: 14127299
Change-Id: I03528819850b42df7bafa7747bb9e4558d20c4e6
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
57dcf5b177b56195421535938544f32d8b591b42 19-Jun-2014 Jeff Sharkey <jsharkey@android.com> Slow progress towards APK clusters.

Differentiate between "split APKs" and "cluster packages". A cluster
package is a directory containing zero or more APKs (base+splits),
and a monolithic package is a single APK (base).

PackageSetting will use the directory name as its codePath, so track
the baseCodePath separately. Clarify documentation in several
places.

Require that all installers provide file:// URIs through existing
hidden APIs; PackageInstaller hasn't been able to read content://
URIs for a long time.

Bug: 14975160
Change-Id: I1c6fed1b55205c2474b09871161a98a26669d22e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ca76cccb61d4d914abbb5079cb65455505494e2f 02-Jul-2014 dcashman <dcashman@google.com> Merge "Initial work for key rotation."
55b1078e2a1b56daa85edfd5000a5844d3c7914b 09-Apr-2014 dcashman <dcashman@google.com> Initial work for key rotation.

Introduces the upgrade-keyset tag to AndroidManifest.xml. This specifies a
KeySet by which an apk must be signed in order to update the app. Multiple
upgrade KeySets may be specified, in which case one of them must be used to
sign the updating apk. If no upgrade-keyset is specified, the current logic
involving signatures is used.

Current Key Rotation Design Decisions:
-Apps using a shared user id may not rotate keys.
-All acceptable upgrade keysets must be specified, including the key signing
the app. This enables key rotation in one update, but also 'locks' an app if
an incorrect upgrade keyset is specified.
-Minimal changes to existing KeySet code.

Bug: 6967056
Change-Id: Ib9bb693d4e9ea1aec375291ecdc182554890d29c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
dbbc070670c1160b15b92a5928e8b9b5bf008b3f 02-Jul-2014 Narayan Kamath <narayan@google.com> am e2840977: am 6e84f8c1: Merge "Fix native crashes when APKs can\'t be opened."

* commit 'e2840977d37e4d19425d448b54895536e43a2989':
Fix native crashes when APKs can't be opened.
6728239cfe8a71d3294b9368a4af73e427a2341c 30-Jun-2014 Julia Reynolds <juliacr@google.com> Apply ENSURE_VERIFY_APPS restriction to PackageManagerService.

Bug: 15986973
Change-Id: I9e8dae15cb866a3bb16e91fc49086fe1633f0bf8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f29131f7013dc0d6994556b95e74db608c89beb8 02-Jul-2014 Narayan Kamath <narayan@google.com> Merge "Fix native crashes when APKs can't be opened."
cef0b39b9211882f59b6bfe1148e2cd247056693 12-Jun-2014 Narayan Kamath <narayan@google.com> Fix native crashes when APKs can't be opened.

There was lax / incomplete error checking around the
construction of Apk handles. This change changes the ApkHandle
API and makes it throw IOException if the zipfile couldn't
be opened.

Additionally :
- Fix a resource leak in DefaultContainerService
- Report errors correctly during package moves.

bug: 15563874
(cherry picked from commit ec4516470d7ce6e47769591d678c838bd3f6f388)

Change-Id: Ia35b464355467d0d36faf34fae85acbbab3f2896
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7f7b0c759e2970178ef68805b21f06a26e24eb76 23-Jun-2014 Nicolas Prevot <nprevot@google.com> Returning badged icons for components of corporate apps.

So, corporate apps in disambiguation dialogs are badged.
And updating the way we show the icon of the personal space to this new design.

BUG: 14377051

Change-Id: Idc707773a64a8feb2d9d4df88c425d5100542636
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
be7c50e0a14e91330ce13161bc14a33d34ff6aca 30-Jun-2014 Dianne Hackborn <hackbod@google.com> Add network access blocking when in battery save mode.

The network policy manager now monitors battery save mode and,
when in battery save, uses its facility to block access to metered
networks to block access to all networks. That is, it tells the
network management service that all networks have an (infinite)
quota, and puts various app uids to be restricted under quota
interfaces as appropriate.

This new network blocking needs a new facility to be able to white
list apps, such as GmsCore. To do this, I refactored the package
manager's permission configuration stuff into a separate SystemConfig
class that can be used by others, and it now has a new tag to
specify package names that should be white-listed for power save
mode. These are retrieved by the network policy manager and used
to build a whitelist of uids.

The new general config files can now go in system/etc/config,
though currently everything still remains in the permissions dir.

Still left to be done is changing the semantics of what uids are
allowed in this mode, to include all perceptable uids. (So that we
can still do things like background music playback.) This will be
done in a follow-on CL.

Change-Id: I9bb7029f61dae62e6236da5ca60765439f8d76d2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
152d5cd30bdfd88b0903b205d38c6966cbded5a8 24-Jun-2014 Narayan Kamath <narayan@google.com> am 22a32d88: am 2a0f9e6a: Merge "Explicitly list out the list of cache subdirs to prune."

* commit '22a32d883794a7a96ff5ffb4830ea59065b3ebda':
Explicitly list out the list of cache subdirs to prune.
828d11df52680ad75e045f5e4251311605d37af2 25-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Fix uninitialized variable warning

Change-Id: Ib1d4a4e1431388a839f9ef8027b439f57922b025
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
fa4533f3a07ebed479d2a0e7af7d6e03d4417d41 24-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Skip forwarding launcher intents

If we forward intents when looking up launcher icons, we end up
having an icon for a disambig activity instead of the apps for that user.

Bug: 15769854
Change-Id: Ia57525466dba57b6669b2b5cedf98f202d08f586
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
67565a09f59db91ee0ebcdcf29b9bae0fb17ec32 24-Jun-2014 Narayan Kamath <narayan@google.com> am 152d5cd3: am 22a32d88: am 2a0f9e6a: Merge "Explicitly list out the list of cache subdirs to prune."

* commit '152d5cd30bdfd88b0903b205d38c6966cbded5a8':
Explicitly list out the list of cache subdirs to prune.
3cd9b0d5ef0b171a79b49f76794e8325198876cf 24-Jun-2014 Nicolas Prevot <nprevot@google.com> Merge "Small fix related to cross-profile intents."
9e36a8cd3e106e5a2bb0d5cce805842b61e05426 23-Jun-2014 Brian Carlstrom <bdc@google.com> am 1b98ccf2: am 0924ef65: Merge "Treat missing package usage data as a separate case"

* commit '1b98ccf275d93197c1aa746d5c492a57cd62be7f':
Treat missing package usage data as a separate case
a29e43a364dc8dbe7e97184b535fe3f5d587d7ed 23-Jun-2014 Nicolas Prevot <nprevot@google.com> Small fix related to cross-profile intents.

Change-Id: Ie489d1f83fd23190ffdc1e1abb4f0cfffebeac8d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
aeb0ed74670e0502a04b689fe1b4fe0f537f4a91 23-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Merge "Adds cross-profile intent filters for the Settings app"
78e51f360d9d89f1fe8acf4baa76ef7854d88130 23-Jun-2014 Brian Carlstrom <bdc@google.com> am 9e36a8cd: am 1b98ccf2: am 0924ef65: Merge "Treat missing package usage data as a separate case"

* commit '9e36a8cd3e106e5a2bb0d5cce805842b61e05426':
Treat missing package usage data as a separate case
88cc346d0602e0b173b5076cd0051120682da601 14-May-2014 Nicolas Prevot <nprevot@google.com> Show the icon of the personal space.

In an intent disambiguation dialog from a managed profile,
when the intent can be forwarded to the personal space:
show the icon of the parent next to "Personal apps".
And put it at the bottom of the dialog.

Change-Id: I523222aac5dde9653e784eb26cf23cdaf018b86c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6e2ae2590ded39f04f76d5ddca0f06fe01586e26 12-Jun-2014 Alexandra Gherghina <alexgherghina@google.com> Adds cross-profile intent filters for the Settings app

Bug: 15466742
Change-Id: Id9af588f2f3d51a562ef2a06fe7404c96123cc2e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
e7cd37e6138c5e769cc6cb398e632bca24d2d1ab 19-Jun-2014 Nicolas Prevot <nprevot@google.com> Merge "Introducing crossProfileIntentFilters that skip the current profile."
63798c596dc757135950313eb4bb44ca58696c68 27-May-2014 Nicolas Prevot <nprevot@google.com> Introducing crossProfileIntentFilters that skip the current profile.

For these crossProfileIntentFilters, the activities in the current profile cannot
respond to the intent.
Only activities in the target profile can respond to the intent.

BUG: 14936725

Change-Id: I5e2704c2b56ff50a8339dd49284956391d7fad7e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
275e085d5a42ced54bb79e40ff76c77539e7d82d 18-Jun-2014 Jeff Sharkey <jsharkey@android.com> Stronger PackageParser contract, more split work.

Require that method callers always provide relevant paths, instead of
relying on constructor. Move DisplayMetrics to be an overall parser
parameter, and move PARSE_TRUSTED_OVERLAY to flags.

Parse split APKs and apply deterministic ordering based on split
names. Assert consistent package name and version code across all
split APKs in a package, and enforce unique split names and required
base APK.

Collect certificates for split APKs, enforcing they're all signed
consistently. Better flow control and resource cleanup when
collecting certs. Refactor validation code so it's easier to reason
about. Cleaner maintenance of read buffer when draining stream
contents.

Change-Id: I8bc8c62095fbb933227b9e76ad8771f4b1246fe8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0270cfb71df55c1d213340bf9b678a48cc7b8e6e 20-Jun-2014 Jeff Sharkey <jsharkey@android.com> Merge "Explicitly collect manifest digests."
032f2b246bd01653c592f2b148d6a0debfe164b2 20-Jun-2014 Jeff Sharkey <jsharkey@android.com> Explicitly collect manifest digests.

Previously it was a side effect of collectCertificates().

Bug: 15740334
Change-Id: I2e044fdcc1c86ce730b9570bfbecf873366325e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
2c43c339de5aaf4fef58aa9b5ac3af48609263a8 13-Jun-2014 Jeff Brown <jeffbrown@google.com> Resolve boot time dependencies related to the power manager.

This change fixes a bug where native daemons may try to communicate
with the power manager before it was fully initialized due to a race
between publishing the binder service and completing init().

The solution was to simplify the dependencies related to the power
manager. It turns out that most services that were passed in
init are not actually needed until systemReady. What remained
was a dependency on the activity manager to check permissions for
incoming calls. So now we start activity manager first.
However, the activity manager also depends on power manager for
wakelocks. To break the cycle, we now defer initializing the activity
manager's wakelocks until after the power manager has been started.

Cleaned up a bunch of boot-time service dependencies so that we
can have better confidence that they are correctly maintained.

Bug: 13884219
Change-Id: If08e2d7ccd44e7026a72441bb6bd5afd7bb9fffe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8a4c9721a9e09d20c63381c13fa29bd9f7cbc3e3 16-Jun-2014 Jeff Sharkey <jsharkey@android.com> Plumb split APKs into public API.

Introduces new ApplicationInfo fields to surface zero or more split
APKs for an application. Splice these APKs into both the class
loader and resource system. Cleaner building of these paths.

Run dexopt() on all split APKs found after a parse, and populate
into ApplicationInfo.

Change-Id: I4a376bf4492d84ea95aafa866e106ea43a43e492
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
96f4e595ba09bf9a5a5b58882d6e4cebdcf06503 17-Jun-2014 Jeff Sharkey <jsharkey@android.com> Only movedex() when working with apps-on-SD.

Partial revert of earlier change that tried doing movedex() during
a package upgrade. Verified that the normal package upgrade path
already wipes old code as part of InstallArgs.cleanUpResourcesLI().

Change-Id: Icc5ae0d2718a0c494bfe7becf72df50c641efe1b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5406f59abd0cde826e8254fe628bea6d80769c8c 16-Jun-2014 Narayan Kamath <narayan@google.com> am 6a6411e3: am 076dc013: Merge "Move dex file pruning to installd."

* commit '6a6411e3d8c533a40bfe1897e2c26e3d6f3b52e0':
Move dex file pruning to installd.
c4858a2ba972e86436d629c4d3f18eb49116de14 16-Jun-2014 Jeff Sharkey <jsharkey@android.com> Switch PackageParser to reference single path.

It previously kept mPath separate from mScanPath for some very odd
edge cases around moving apps-on-SD. This changes it to always use
a single path, refactors moving to keep separate paths.

Refactors method names in PackageParser to be clearer about their
APK-versus-package relationship.

Beginnings of a split package parser. Instead of requiring that
callers check error codes when null, switch to always throwing on
parse errors, to require that callers deal with the error. Longer
term the entire parser should switch to this style, but its too
pervasive for a simple refactoring.

Change-Id: If071d8e55e46e56cc201fadfb51cb471713ae973
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b87de28f50e9f02a365f35348f8da6cc2629bc1c 13-Jun-2014 Jeff Sharkey <jsharkey@android.com> Build usesLibraryFiles with ArraySet.

Use ArraySet instead of using odd shared variable.

Change-Id: Ide5095069ae8f2dcb4553f37e877fc1fce33ebde
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
5d140e4b1b1d43c742a7d67dd5f9d394c846945f 16-Jun-2014 Narayan Kamath <narayan@google.com> am 5406f59a: am 6a6411e3: am 076dc013: Merge "Move dex file pruning to installd."

* commit '5406f59abd0cde826e8254fe628bea6d80769c8c':
Move dex file pruning to installd.
93e9e7208e0de349a9592ac59153d6b06c202fe6 12-Jun-2014 Christopher Tate <ctate@google.com> am ba6e8ae5: Merge "Relax duplicate-permission-definition constraints slightly" into lmp-preview-dev

* commit 'ba6e8ae5d2a364799fd6bc84179e33b6731e574b':
Relax duplicate-permission-definition constraints slightly
f9fcfaae78afb0bc3e6a0716ad1d5fe3561bb81e 12-Jun-2014 Christopher Tate <ctate@google.com> Merge "Relax duplicate-permission-definition constraints slightly" into lmp-preview-dev
104e14531ca2212117540d8b6abc06ab67564ebc 12-Jun-2014 Dianne Hackborn <hackbod@google.com> am f894cad0: Merge "Some tweaks to improve document task creation." into lmp-preview-dev

* commit 'f894cad093c1a3083f4aca099babc4677977a12f':
Some tweaks to improve document task creation.
d38aed81420d7d992f65ef2efb5f69c1900fc61d 11-Jun-2014 Dianne Hackborn <hackbod@google.com> Some tweaks to improve document task creation.

- Mark the chooser activity as never launching in to a new
task, even if the caller asks for it. These are dialogs
so don't make sense as stand-alone tasks. (Maybe later
the policy should be to not launch into a new task in any
case that the activity is a dialog or even transparent at all.)

- Keep track in the task record of whether any activities in
it have been shown to the user, and use this to automatically
remove the task when all activities finish. This leans up
cases where apps are launching stub activities that get turned
in to tasks but are never seen by the user because they
immediately launch another activity in another task and
then finish.

Change-Id: I00b641c80aa96bd5071479f36ee2e4d8e3a81aeb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8f70744221b739f749f4e5fecff53083ef1d075a 05-Jun-2014 Adam Connors <adamconnors@google.com> DO NOT MERGE : Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Bug: 14400206
Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
(cherry picked from commit c11c67b3e117b4fec3245f87b6d510461c1f8323)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
b8c0383b0c00ed372ab92d3d0a5095c352d3e642 06-Jun-2014 Christopher Tate <ctate@google.com> Relax duplicate-permission-definition constraints slightly

If the permission being redefined by the install-candidate package is
supplied by the system itself, ignore the redefinition but allow the
install.

Bug 14618942

Change-Id: I3d320e446587e528ae175dcd4782e607729caff7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
1a910ef2b40de91e834a5a82d9b75d117a45da04 05-Jun-2014 Adam Connors <adamconnors@google.com> Allow system process to call getApplicationBlockedAsUser

MDMs in the managed profile needs to be able to call
DPM.isApplicationBlocked without the INTERACT_ACROSS_USERS
permission. DevicePolicyManager checks for appropriate
PROFILE_OWNER permission and then removes callerId, so this
change is needed to prevent a spurious security exception.

Change-Id: Idd1bda6bb234f6cb7cb78a885ae2d7cc5cca4890
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c32a244e907719e03d0fae42b20401dcd2c595fc 03-Jun-2014 Narayan Kamath <narayan@google.com> am dd2e9d33: am 7cb13f8a: Merge "Scan for renderscript files before deciding ABIs."

* commit 'dd2e9d3386d2d74f99f79bcad951ff5cdefa6fab':
Scan for renderscript files before deciding ABIs.
dd2e9d3386d2d74f99f79bcad951ff5cdefa6fab 03-Jun-2014 Narayan Kamath <narayan@google.com> am 7cb13f8a: Merge "Scan for renderscript files before deciding ABIs."

* commit '7cb13f8a0a40f3d971a953b330f38bfcfb001c5e':
Scan for renderscript files before deciding ABIs.
797b109c60bda8e122075b0c2101d3f2a0b67c07 03-Jun-2014 Narayan Kamath <narayan@google.com> am 7ed98c43: Merge "Add an --abi argument to "pm install""

* commit '7ed98c43f8cbcfbb4862205a72455ab39359a011':
Add an --abi argument to "pm install"
116bdbd823b607d860b039ec334a1f985eed7a7f 29-May-2014 Narayan Kamath <narayan@google.com> Add an --abi argument to "pm install"

This allows callers to force an install to a particular
ABI. This is intended only for testing (and CTS) and is
not meant for usage by the installer package.

bug: 14453227

(cherry picked from commit 6431d11cd420536aaa9d93ae510a3151ccc4df1d)

Change-Id: I85d4f8785deea02a6a4d3cb0b05e6ef8bf64826b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
415f354134254fbc70db48d5798e82fc87751df2 29-May-2014 Christopher Tate <ctate@google.com> am ba922631: Merge "Don\'t crash on boot" into lmp-preview-dev

* commit 'ba9226316df301fb612606f919aa69e109645c82':
Don't crash on boot
f889ed11d21bfd3010f8e4e192a0532b7f6f7994 29-May-2014 Christopher Tate <ctate@google.com> Don't crash on boot

...when removing dangling preferred-activity entries.

Bug 15310848

Change-Id: Ibe9d82a06f8c608b866a2c3c6b286da2ededacca
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
8194899071e0a84c95ef10614bd1b9485b48f589 16-May-2014 Nicolas Prevot <nprevot@google.com> Rename code related to cross-profile intents.

For example, replace ForwardingIntentFilter by CrossProfileIntentFilter

Bug: 15023443

Change-Id: Iee8cdf578817ef9956bcdece803a49b0d07b67f7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d9a6475c9c4825b2d8fc5ea09b9de54ad4f91ee3 22-May-2014 Christopher Tate <ctate@google.com> DO NOT MERGE - Don't crash uninstalling updates to system apps

Bug 15167960

Cherrypick from master

Change-Id: Ibcb3275adb27b20939a237511aaaa8b0011127e1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f71ece48a14e5c7da97024b0ced83da69e648a89 22-May-2014 Christopher Tate <ctate@google.com> Don't crash uninstalling updates to system apps

Bug 15167960

Change-Id: I606638292e524078f2859ba6be0a4861a4e01c00
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a562f5daf6863640afb931db9e9ea66bea94b828 21-May-2014 narayan <narayan@google.com> am 82ec8c58: am ab3d85ab: am 838b1e22: Merge "Fix NPE in PackageManagerService."

* commit '82ec8c58b1f1cd0cce56d11b7679440f6ba54f4a':
Fix NPE in PackageManagerService.
82ec8c58b1f1cd0cce56d11b7679440f6ba54f4a 21-May-2014 narayan <narayan@google.com> am ab3d85ab: am 838b1e22: Merge "Fix NPE in PackageManagerService."

* commit 'ab3d85ab1a0ae58add5df6efc30607624475405b':
Fix NPE in PackageManagerService.
1d265716954122f79d5fdd9d953a98e303d298c9 21-May-2014 Brian Carlstrom <bdc@google.com> am e77a77d0: am ec71fed0: Merge "Improve ABI handling for shared user ids."

* commit 'e77a77d081ff9d05100702f5880f356da27fd087':
Improve ABI handling for shared user ids.
96db91e0ff30c872dacc7f9a5d5a67e950e4ba26 20-May-2014 Narayan Kamath <narayan@google.com> Improve ABI handling for shared user ids.

The key improvement is that we need to keep track of
the package that's currently being scanned (this includes
new installs and upgrades of existing packages) and treat
it specially. If we didn't do that, In the case of upgrades
we would perform the shared UID calculation based on the ABI
of the old package, and not the current package.

This change also allows us to perform the CPU ABI calculation
before dexopt, which saves us from having to do it twice and
fixes a bug where we were using the wrong package path to
dexopt a package.

This also has the side effect of fixing 15081286.

bug: 15081286

(cherry-picked from commit b851c89d2252cf3d1dc504558ce1553527885316)

Change-Id: I20f8ad36941fc3df29007f0e83ce82f38f3585c8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d4e6d467cd61d6bec1ae25744a415a96f0a0f760 17-May-2014 Dianne Hackborn <hackbod@google.com> Delay the dispatching of non-wakeup alarms.

When the screen is off, there are no guarantees about when
non-wakeup alarms will be dispatched. Historically they are
dispatched any time the device wakes up. With this change,
we will delay the dispatch until sometime later.

The amount of delay is determined by how long the screen has
been off. Currently there are three possible delays: up to
2 minutes if the screen has been off for less than 5 minutes;
up to 15 minutes if it has been off for less than 30 minutes;
and otherwise up to an hour.

When the screen is turned on or a wakeup alarm is dispatched,
all delayed alarms will also be dispatched.

Note that one of the things this delays is TIME_TICK, which
means the in many cases we won't deliver TIME_TICK until the
screen is in the process of waking up. The current
implementation causes this to be delayed until the SCREEN_ON
broadcast is sent; we probably want to improve this to have
the power manager tell the alarm manager about the screen
turning on before it sends that broadcast, to help make sure
things like the lock screen can update their current time
before the screen is actually turned on.

In addition, switch all of the alarm stats to use the new
PendingIntent "tag" identifier for its operations, instead
of the old code to try to construct a pseudo-identifier
by retrieving the raw Intent.

Also add a new package manager command to immediately write
packages.xml.

Change-Id: Id4b14757cccff9cb2c6b36de994de38163abf615
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6edb97b62a89789f7eea5ca4b31f697333c88cc 19-May-2014 Narayan Kamath <narayan@google.com> am 9672ee12: am deda5467: am a4fd1baa: Merge "Fail if we\'re unable to agree on an ISA for shared UIDs."

* commit '9672ee125d6aee73bf1e5425c4089285714f25bf':
Fail if we're unable to agree on an ISA for shared UIDs.
9672ee125d6aee73bf1e5425c4089285714f25bf 19-May-2014 Narayan Kamath <narayan@google.com> am deda5467: am a4fd1baa: Merge "Fail if we\'re unable to agree on an ISA for shared UIDs."

* commit 'deda5467f44fc4a03c3435f0c6d7bda4ea298b99':
Fail if we're unable to agree on an ISA for shared UIDs.
5d5f19a339bc4a8f10f75b51625d8d50ee0729e0 15-May-2014 Narayan Kamath <narayan@google.com> am 6e2e6868: am 706b1d7e: Merge "Remove "required" prefix from ABI fields."

* commit '6e2e686889037711170ee145f9dfdb442cee85db':
Remove "required" prefix from ABI fields.
1e74c37f8e1acb595f407e0f65744bb6b00c9314 15-May-2014 Narayan Kamath <narayan@google.com> Merge "Remove "required" prefix from ABI fields."
3a44f3f1b446315ef894e01d2ab9b5388c2bd8c4 29-Apr-2014 Jeff Sharkey <jsharkey@android.com> Initial support for split APKs, PackageInstaller.

Defines a new PackageInstaller class that will be used for installing
and upgrading packages. An application desiring to install an
application creates a session, stages one or more package files in
that session, and then kicks off the install.

Previously, PackageManager would always make its own copy of a package
before inspecting it, to ensure the data could be trusted. This new
session concept allows the installer to write package data directly to
its final resting place on disk, reducing disk I/O and footprint
requirements. Writes are directed through an intermediate pipe
to ensure we can prevent mutations once an install has been initiated.
Also uses fallocate() internally to support optimal ext4 block
allocation using extents to reduce fragmentation.

Sessions are also the way we support installing multiple "split" APKs
in a single atomic operation. For a set of packages to form a valid
application, they must have exactly the same package name, version
code, and certificates. A session can also be used to add a small
handful of splits to an application by inheriting existing packages
when not performing a full install.

Add PackageParser support for extracting split names and certificates.

Bug: 14975160
Change-Id: I23d1bf4fbeb9f99a8c83be0c458900a0f0d1bccc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
34f6084bc21b07ae9112be6e7a8f50c49828ac9c 30-Apr-2014 Narayan Kamath <narayan@google.com> Remove "required" prefix from ABI fields.

As per a comment on an earlier code review.

Change-Id: I3ae30f8a7bc90730068644f93b926e0e05a2cdfb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
027c75d5e2861e90058bcd2d267b47498caf82cf 13-May-2014 Brian Carlstrom <bdc@google.com> am f230061b: am 2ce02bba: am b7d7cbc9: Merge "Fix background PackageUsage writing."

* commit 'f230061b383f3e5fa63a266d84477963dc5f226c':
Fix background PackageUsage writing.
f230061b383f3e5fa63a266d84477963dc5f226c 13-May-2014 Brian Carlstrom <bdc@google.com> am 2ce02bba: am b7d7cbc9: Merge "Fix background PackageUsage writing."

* commit '2ce02bba1eea682282408b8521dad8c91837fbab':
Fix background PackageUsage writing.
809146690d03b3ec3404c37c1fb467f7b7234692 09-May-2014 Brian Carlstrom <bdc@google.com> am 09d11896: am edc31509: am b98ca5b0: Merge "If PackageUsage information is missing, treat as first boot and compile everything"

* commit '09d1189668a74b2cd4a6af124e95c9e6786499f2':
If PackageUsage information is missing, treat as first boot and compile everything
09d1189668a74b2cd4a6af124e95c9e6786499f2 09-May-2014 Brian Carlstrom <bdc@google.com> am edc31509: am b98ca5b0: Merge "If PackageUsage information is missing, treat as first boot and compile everything"

* commit 'edc31509c2ff8cba86f30c836934d32a3e249dec':
If PackageUsage information is missing, treat as first boot and compile everything
dfad99ad9fd5953b9d726715c40197a3e70e7dd0 08-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of 0b5598c9 to master

Change-Id: Ie911d6b0b5e2b87e2b4669fa2465a82bb5807893
6422abef786632e53337c6c298ffa64f7ddf4d90 07-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of 3bbef521 to master

Change-Id: I0bbb7c80f6c4f003779da784475d7acbfb898c94
0b5598c924fc140db5cfee08c17fd91e630b1c9e 07-May-2014 Brian Carlstrom <bdc@google.com> am 691079dd: am a21ba5be: Merge "Add BackgroundDexOptService"

* commit '691079ddc0055fac9b82dccaf35b4591978b2a55':
Add BackgroundDexOptService
3bbef521d4b07f86010ba0729a36ff8b73bcb0ac 07-May-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of f2db00fd to klp-modular-dev-plus-aosp

Change-Id: I745164033962f6222832f8f19fa316a2e2634fd0
010cfd458121034075c7439020ffef4eedbcc0fc 16-Apr-2014 Adam Connors <adamconnors@google.com> Add enableSystemApp methods to DevicePolicyManager

These methods allow profile or device owners to enable
systems apps pre-installed in the primary user in the
managed profile. Apps can be specified by either package
name or intent.

Bug: 13587051

Change-Id: Ifcbc68c139308506b6c18cf3c0ea62b8026ff75f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c79586ede6dcd6a167bc8360f058cb5cc655b33d 06-May-2014 Nicolas Prevot <nprevot@google.com> Cleaning code related to the forwarding intent filters.

Checking for INTERACT_ACROSS_USERS_FULL
Adding equivalent methods in the PackageManager

Change-Id: Iaa1328fa666613a78e67ca669ea045144275e895
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
6fee7d4cf991a8d39bdefb782937250c87f60f25 01-May-2014 Nicolas Prevot <nprevot@google.com> Introducing removable and non-removable ForwardingIntentFilters.

clearForwardingIntentFilters removes only non-removable IntentFilters.
The ForwardingIntentFilters set by the profile owner are always removable.

Change-Id: If950ccd7e69261b86360ea647fdb501c92f5440b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
531381056fac077cffcd509b1e89d9b41f400fca 01-May-2014 Narayan Kamath <narayan@google.com> am 5dca099d: am 1cec7f85: Merge "Don\'t adjust ABI if PackageSetting#pkg is null."

* commit '5dca099df7100c531e111b50435605c318f1e6d4':
Don't adjust ABI if PackageSetting#pkg is null.
d6809b35aff02fdccf7ac433005aba2d06bbc3ff 01-May-2014 Narayan Kamath <narayan@google.com> am c1f81f90: am 27f2bfc4: Merge "Fix dex file pruning logic."

* commit 'c1f81f9086037dde6e082b8a80c84277cb727726':
Fix dex file pruning logic.
fbd80b58db2aa8f650acf26305e8cbed24a5755b 01-May-2014 Narayan Kamath <narayan@google.com> am 51f4367c: am bcc3b312: Merge "Adjust instruction sets for shared UID apps."

* commit '51f4367cac606580a5ca10ec1cf2dcab3982aebc':
Adjust instruction sets for shared UID apps.
3a951e52d93697b7e232501b78f9ffb0ec605516 01-May-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 69da8a12 to klp-modular-dev-plus-aosp

Change-Id: Ie07b88f324749afcf8417b50d4dbbc6e2a271a2a
d2ec8724d2a3407e28161299d44e2e113fe437ec 01-May-2014 Narayan Kamath <narayan@google.com> am d85ded89: am 645a920f: Merge "Fix OEM native library path bug."

* commit 'd85ded890d86d454a0571c63911ff911633e3a95':
Fix OEM native library path bug.
f5c6a1b3eb10f0374fcbab55853f400778f0f8e7 01-May-2014 Narayan Kamath <narayan@google.com> am eb573498: am 986b901a: Merge "Fix native-lib dir assignment & updating"

* commit 'eb5734989b3ef5455359f8807684a860ad04c134':
Fix native-lib dir assignment & updating
0338af46f968e2e1c2fd8c62e9387546fa9ed86b 01-May-2014 Narayan Kamath <narayan@google.com> am 99253c2d: am fde59428: Merge "Handle /oem and /vendor as well"

* commit '99253c2da945cbd4725efced6cac2dc40c858d6c':
Handle /oem and /vendor as well
5bc12a1b5dadfd504fb03875fad97cda8d39cf25 01-May-2014 Narayan Kamath <narayan@google.com> am a7b465ef: am d91358b2: Merge "Support per-package lib dirs for bundled apps"

* commit 'a7b465efc4eede46b8dfc8932c6c30346e8e79de':
Support per-package lib dirs for bundled apps
ff2e05e1f69eb0cbe9ba68cb1adbd2b2922eeeb7 01-May-2014 Nicolas Prevot <nprevot@google.com> Merge "Introduce forwarding intents across profiles."
10fa67c77e11699391e27975fc2d276a0b8c7cbb 24-Mar-2014 Nicolas Prevot <nprevot@google.com> Introduce forwarding intents across profiles.

The package manager service maintains, for some user ids, a list of forwarding intent filters.
A forwarding intent filter is an intent filter with a destination (a user id).
If an intent matches the forwarding intent filter, then activities in the destination can also respond to the intent.

When the package manager service is asked for components that resolve an intent:
If the intent matches the forwarding intent filter, and at least one activity in the destination user can respond to the intent:
The package manager service also returns the IntentForwarderActivity.
This activity will forward the intent to the destination.

Change-Id: Id8957de3e4a4fdbc1e0dea073eadb45e04ef985a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab45d1d6d296f4f61632a472cf7bd8626c8d5a06 30-Apr-2014 Narayan Kamath <narayan@google.com> Don't adjust ABI if PackageSetting#pkg is null.

If means the package hasn't been scanned yet, and we
will adjust the ABI during the scan of the last package
in the shared user group.

NOTE: This needs some more cleaning up, which will be
done along with the remaining TODO in this function.

Change-Id: Ie332806b64e22ab4a4856e1ccd064ff6a01616bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f6b635e4f00cd40d4c46730f7d23df6cc8bf4aa4 29-Apr-2014 Narayan Kamath <narayan@google.com> Fix dex file pruning logic.

We should now prune all normal files from /data/dalvik-cache
in addition to looking for dex files in all subdirectories of
/data/dalvik-cache.

Change-Id: I4abb2b01b359bbb1b8ece2c9025541a5d5e335f5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
df6d6dc2aac2912e98de3fe37869d2b179eb23db 28-Apr-2014 Narayan Kamath <narayan@google.com> Adjust instruction sets for shared UID apps.

Since shared UID apps are run in the same process,
we'll need to make sure they're compiled for the same
instruction set.

This change implements the recompilation of apps that
don't have any ABI constraints.

Apps that *do* have ABI constraints are harder to deal
with, since we'll need to rescan them to figure out the
full list of ABIs they support and then re-extract the
native libraries from these apps once we find an ABI we
can use throughout.

Change-Id: I365c6b0b18187df814d4736da61b199dd4494e3c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0f206a149d27385ef092a34e0009a8607d663659 12-Apr-2014 Narayan Kamath <narayan@google.com> Package manager changes for dual zygote stack.

- Pass down the app's instruction set to dexopt so that
it can compile the dex file for the right architecture.

- Also pass down the app's instruction set to rmdex, movedex
and getSize so that they can construct the cache file
location properly.

- Temporarily compile "system" jars such as am,wm etc. for
both architectures. A follow up change will ensure that
they're compiled only for one architecture (the same
arch. as the system server).

- Java "shared" libraries are now compiled for the right
architecture when an app requires them.

- Improve the app native library ABI detection to account
for system apps installed in /system/lib{64}/<packagename>
and also handle sdcard and forward locked apps correctly.

Change-Id: I4f380b146137803e51d56fdf355c3bdfc92c409d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a8e65fd82a323e6065ae9ae6cc8eaa130d3c1efd 24-Apr-2014 Kenny Root <kroot@google.com> Only remember the signer certificates for Signatures

Previously we would use the JarEntry#getCertificates API which would
return a flattened array of all the signers and their certificate chain.
Since this isn't what was intended, switch to reading the certificate
chains and only paying attention to the signer certificate.

In order to migrate during upgrades of the platform, we'll scan on boot
with a compatibility mode which will check the stores signatures in the
old format by flattening the chains of the scanned packages then
comparing the two sets.

Bug: 13678484
Change-Id: I02a5c53121d8d6f70a51d7e3b98168a41e11482e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
10596fbcce710a76ffc7e917400df13af5c2ebcb 28-Apr-2014 Elliott Hughes <enh@google.com> resolved conflicts for merge of 3ce4f3d0 to master

Change-Id: Id5c5997ad8f801b32e1dbd97413ea42e38c27210
3ce4f3d0af8b20f915631ab927aafa76a6105135 28-Apr-2014 Elliott Hughes <enh@google.com> am 685a0a72: am bbd87eb9: Merge "Track libcore.os\' move to android.system."

* commit '685a0a72d445515167a2071330679cdf9b53a62d':
Track libcore.os' move to android.system.
33417df78aea04a9afe6fe73958d2dac73338666 24-Apr-2014 Jeff Sharkey <jsharkey@android.com> Fix OEM native library path bug.

Bug: 13340779
Change-Id: I3d69b3453d3d284295bbfa771e6fb4a36bca05c5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
a466b101be24c1e0df098856fe0989749afe49ce 26-Apr-2014 Kenny Root <kroot@google.com> Merge "PackageManager: add versioning to packages.xml file"
c1c0d3c4f461be5649a64920cad7b58dd4162680 24-Apr-2014 Kenny Root <kroot@google.com> PackageManager: add versioning to packages.xml file

During development, a new feature might be added that requires the
packages.xml format be updated. To that end, add a database version
attribute that allows this to happen.

Change-Id: I3340a0bd55017acd625c3cba523cec10a18a4805
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
91097de49b0f683b00e26a75dbc0ac6082344137 05-Apr-2014 Dianne Hackborn <hackbod@google.com> Initial implementation of new voice interaction API.

This gives a basic working implementation of a persist
running service that can start a voice interaction when
it wants, with the target activity(s) able to go through
the protocol to interact with it. It may even work when
the screen is off by putting the activity manager in the
correct state to act like the screen is on.

Includes a sample app that is a voice interation service
and also has an activity it can launch.

Now that I have this initial implementation, I think I
want to rework some aspects of the API.

Change-Id: I7646d0af8fb4ac768c63a18fe3de43f8091f60e9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
898be168bda75b204611e8e24439d33213ecab5f 25-Apr-2014 Dianne Hackborn <hackbod@google.com> Merge "Add support for muliple active development codenames."
12e75126909152c448f70c48f3d2f2884cb359bd 25-Apr-2014 Christopher Tate <ctate@google.com> Merge "Fix native-lib dir assignment & updating"
ffcda1086185f217ebfbac0735f92fcc8a9196c8 24-Apr-2014 Dianne Hackborn <hackbod@google.com> Add support for muliple active development codenames.

The resource API level is also bumped by the number of
active codenames there are.

Change-Id: Ic1bac452d5c13dc3f48040ffa47f54b28abe2ccc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
353e39a973dbbadce82fee2f83ad194e04a47449 24-Apr-2014 Christopher Tate <ctate@google.com> Fix native-lib dir assignment & updating

The per-package /system/lib/* feature introduced bugs in the
native library path handling during app upgrade installs. The
crux of the fix is that when recalulating the desired native
library directory, the basis for the calculation needs to be
the scanned APK's location rather than the extant package
settings entry -- because that entry refers to the pre-upgrade
state of the application, not the new state.

Bug 14233983

Change-Id: I76c3249c72ecc055115d430529d386599e52ae42
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
07c79fcc7f2538e849a3f9961abb81df72b8d0a4 24-Apr-2014 Kenny Root <kroot@google.com> PackageManager: remove GET_CERTIFICATES boolean

This is a really old debugging flag that is not useful and also
dangerous.

Change-Id: I3badb5e361a8fe8458a355bf7d9ab055cb1b57d5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
740888f62eae158d5775be716620f0d56d87f587 18-Apr-2014 Christopher Tate <ctate@google.com> Handle /oem and /vendor as well

Bug 13170859

Change-Id: I95dec4cd68e3d64517d08b3f08eefb849ce37b86
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
addfbdc09ccf258395db8bfc510989a4c583f7ab 11-Apr-2014 Christopher Tate <ctate@google.com> Support per-package lib dirs for bundled apps

Bundled apps can now use /system/lib/apkname or /system/lib64/apkname
in addition to the (globally shared) /system/lib and /system/lib64
directories. Note that when an app is updated post hoc the update APK
will look to its normal library install directory in
/data/data/[packagename]/lib, so such updates must include *all*
needed libraries -- the private /system/lib/apkname dir will not be in
the path following such an update.

"apkname" here is the base name of the physical APK that holds the
package's code. For example, if a 32-bit package is resident on disk
as /system/priv-app/SettingsProvider.apk then its app-specific lib
directory will be /system/lib/SettingsProvider

Bug 13170859

Change-Id: Ic44cc75312f33d2f5d402a1c261b2eca3fe8badc
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f148f36d140e995ec8f755e60bbb0b37f33c3da7 10-Apr-2014 Narayan Kamath <narayan@google.com> am 9e289d70: am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '9e289d70a8baaed0030413b5991653792e2a816d':
System services detect and register app CPU ABIs
d11f223c535ed9ce628fe5aaf0fd5692dd0cf9e4 10-Apr-2014 Narayan Kamath <narayan@google.com> resolved conflicts for merge of 286a247e to master

Change-Id: I63df9d482da3ce2ac851959223b9180020ffad0c
9e289d70a8baaed0030413b5991653792e2a816d 10-Apr-2014 Narayan Kamath <narayan@google.com> am 1d26a3f1: am 09e13cc5: Merge "System services detect and register app CPU ABIs"

* commit '1d26a3f1efd0d965e8751e8515608c31789bdbe2':
System services detect and register app CPU ABIs
286a247e4c8fcecb59636f668678d24e33142744 10-Apr-2014 Narayan Kamath <narayan@google.com> am 0fd40cb1: am 80413c9f: Merge "Re-implement native library search and copies."

* commit '0fd40cb100bccbd5d9ad6109ca39c818a857f889':
Re-implement native library search and copies.
ed3db02c051f52f9ad3770e3c6b5b90c71a04fb1 04-Apr-2014 Christopher Tate <ctate@google.com> Significant preconditions are significant

If you are going to check whether we've failed yet, make sure that
the default state to test against has been established properly.

Bug 13790971

Change-Id: I7fc6ff1bbbd9e569df59dcb65cc30f120c128efa
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c935d1f11144443a91b3c03d7da82314db6e049b 31-Mar-2014 Christopher Tate <ctate@google.com> Refuse update of a system app if it changes its shared uid

Bug 13657183

Change-Id: I6d8fb9c8810ca896d2d10e5a80a3c4a50c9e4fed
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
f74aa094b413f113f7dd8cef0ce28fb933a27a5d 01-Apr-2014 Christopher Tate <ctate@google.com> Handle bad package name arguments sensically

Don't blithly go ahead and assume package name arguments are non-null,
and don't continue to do a bunch of work after an early failure on
invalid non-null package names.

Bug 13745101

Change-Id: I12ccae343066b39162dedeb46dc58869f55be0ba
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
0e290b7708e2ac59e645f499d8348a3a087a9568 31-Mar-2014 Nick Kralevich <nnk@google.com> am ce30fca8: am e531e2ec: am 3b2a9d22: Merge "Change when the SELinux relabel of /data/data occurs."

* commit 'ce30fca85deec8e268009a2acaefe85541ab1e58':
Change when the SELinux relabel of /data/data occurs.
ce30fca85deec8e268009a2acaefe85541ab1e58 31-Mar-2014 Nick Kralevich <nnk@google.com> am e531e2ec: am 3b2a9d22: Merge "Change when the SELinux relabel of /data/data occurs."

* commit 'e531e2ec6b311c35b077cc228e832b3f1530dffa':
Change when the SELinux relabel of /data/data occurs.
f1977b4500e82b72ea6aa5c46d97406a20017caf 25-Mar-2014 Christopher Tate <ctate@google.com> Expand install observer semantics

...and now fail conservatively when two apps both attempt to define
the same permission. Apps signed with the same certificate are
permitted to redefine permissions.

We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.

Bug 13551375

Change-Id: Ifa4e59154dcccbb286ee46a35a6f25e4ad0f0f01
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
7629a18a3f190368e6268d3f2827824905683268 26-Mar-2014 Glenn Kasten <gkasten@google.com> Revert "Expand install observer semantics"

This reverts commit ab8a501f255b272af887acb0e66eb71cdf24c755.

Change-Id: I4ab4ae1a96efa2adf9d5a513793d8b84eef38b4e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
ab8a501f255b272af887acb0e66eb71cdf24c755 25-Mar-2014 Christopher Tate <ctate@google.com> Expand install observer semantics

...and now fail conservatively when two apps both attempt to define
the same permission.

We also finally have a (hidden) interface class for observing package
installation so that we can now rev the interface without breaking
existing callers.

Bug 13551375

Change-Id: I3a286d024a30e812ee4b098f345401df3c00e178
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
c55f9c04427796d5b6f833fe43adffd9d7b99ad2 21-Mar-2014 Christopher Tate <ctate@google.com> Cap the size of app-defined permission trees

Bug 13529742

Change-Id: I46c2ebc39caf4a9eacbffbb35fc386c2a1cedc12
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
70b7d163aa0d4b2911eff525f83c9f245bfd9813 19-Mar-2014 Nick Kralevich <nnk@google.com> am 31654e19: am b630ffe3: am e75d340a: am 5c8e1a6e: Merge "Allow PMS to restorecon directories under /data."

* commit '31654e19c92c94675c0e2f2a86b59683d4c48d2f':
Allow PMS to restorecon directories under /data.
b630ffe3fdd72be186495f2c0a8d05b936a73d46 19-Mar-2014 Nick Kralevich <nnk@google.com> am e75d340a: am 5c8e1a6e: Merge "Allow PMS to restorecon directories under /data."

* commit 'e75d340ae5919942d19f57856ae9e3f8bc62e098':
Allow PMS to restorecon directories under /data.
1be762c1ba0f4ab57c9d2038620e03d45eeb1f0a 06-Mar-2014 Jeff Sharkey <jsharkey@android.com> Define an OEM directory, scan features and APKs.

To support OEM customizations, define a new top-level directory
that roughly mirrors the layout of the system partition. Scan this
location for (non-privileged) apps, and for additional features.

Bug: 13340779
Change-Id: Idb6d6626655061ee31ad952cab734d30ea6130b9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
00d115a7533df23027f671c90c0ae52684392e4a 14-Mar-2014 Brian Carlstrom <bdc@google.com> resolved conflicts for merge of aa737c49 to klp-modular-dev-plus-aosp

Change-Id: I1f4e555773fe6138efaf73444525da0f747b01d5
aa737c49df79749fe92b89d745eba7442762e2b5 13-Mar-2014 Narayan Kamath <narayan@google.com> am 9af19bee: am 52af2ca9: DO NOT MERGE - Remove data dirs if a new install fails dexopt.

* commit '9af19bee1c7da8d2e8bc6e40c6e9c1e28e0640c6':
DO NOT MERGE - Remove data dirs if a new install fails dexopt.
2d3ddc2ba9f86d795e437ea90dccb59cf1ebfd11 08-Mar-2014 Dave Allison <dallison@google.com> am 199670c4: am 324aa693: am b94904ab: am 3fc3b9fd: Merge "ART profiler usage."

* commit '199670c46a9950bd2e06af43ea082427b542060a':
ART profiler usage.
324aa693b82656809b97e307676adbbce37c3d95 08-Mar-2014 Dave Allison <dallison@google.com> am b94904ab: am 3fc3b9fd: Merge "ART profiler usage."

* commit 'b94904ab6dfbb9db7e8042f10886042a295857d4':
ART profiler usage.
75870cf391eb6f1ec91f512e0a6f28840093d413 06-Mar-2014 Dianne Hackborn <hackbod@google.com> am 75374879: am ea391750: am 5e578e17: am 40a26004: Issue #13308712: Add --checkin to package manager dump.

* commit '75374879938c1767b0266132672361487f2f58d4':
Issue #13308712: Add --checkin to package manager dump.
75374879938c1767b0266132672361487f2f58d4 06-Mar-2014 Dianne Hackborn <hackbod@google.com> am ea391750: am 5e578e17: am 40a26004: Issue #13308712: Add --checkin to package manager dump.

* commit 'ea391750fbf78b395b414147dba6426ad907431d':
Issue #13308712: Add --checkin to package manager dump.
7a4e519eda4e0e7bac9ad0159b29b11f61b50e01 05-Mar-2014 Christopher Tate <ctate@google.com> am 8106dce7: am a6c59158: am f63ae644: am 1e995c76: Merge "Update PackageMonitor to recognize new \'replacing\' semantics" into klp-dev

* commit '8106dce705ba69d5bc0ccafa8e21068216f42a5f':
Update PackageMonitor to recognize new 'replacing' semantics
8106dce705ba69d5bc0ccafa8e21068216f42a5f 05-Mar-2014 Christopher Tate <ctate@google.com> am a6c59158: am f63ae644: am 1e995c76: Merge "Update PackageMonitor to recognize new \'replacing\' semantics" into klp-dev

* commit 'a6c59158761423551941f6ed338a117658e581ad':
Update PackageMonitor to recognize new 'replacing' semantics
98bab263500b258025c9c6ca64f8aaff7dc914f4 27-Feb-2014 Christopher Tate <ctate@android.com> am 4522bd12: am a58c03f6: am 41bfe121: am 16678ac6: Merge "Fixed upgrading from forward-lock application to system application"

* commit '4522bd12a4f3d2b0c3156fc70937f78bed15a1f8':
Fixed upgrading from forward-lock application to system application
a58c03f603cd90d1fed5566c88af5cd6c6f4caf5 27-Feb-2014 Christopher Tate <ctate@android.com> am 41bfe121: am 16678ac6: Merge "Fixed upgrading from forward-lock application to system application"

* commit '41bfe121cfa889df803a8916000e1fd0fbe87d5a':
Fixed upgrading from forward-lock application to system application
f475ca33d9232785710aaa438f17915029dfa83b 17-Feb-2014 Sander Alewijnse <salewijnse@google.com> Enables a profile owner or device owner to set and clear default intent handler activities.

Those intent handlers are persistent preferences. They will remain the default intent
handler even if the set of potential event handlers for the intent filter changes
and if the intent preferences are reset.

Change-Id: Id0cfae46f93c10d89e441f272096a205ec518dd0
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
55b8ddc30386ec15073304b1f9fabc7eb789f52e 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> am 0817d16c: am 04520a01: am 6feaa267: Merge "Add fastpath for single signature comparison" into klp-modular-dev

* commit '0817d16c539ca6b499da9f807e8ac6988233e9c3':
Add fastpath for single signature comparison
04520a01b8469729379e73a7995a188ffea2b187 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> am 6feaa267: Merge "Add fastpath for single signature comparison" into klp-modular-dev

* commit '6feaa267a585f22595f846c9e3d09a76dc3db47a':
Add fastpath for single signature comparison
f5b3a01e54d9b2e496f865e05b18f9455b0b8038 19-Feb-2014 Adam Lesinski <adamlesinski@google.com> Add fastpath for single signature comparison

PackageManager does not need to create a hash set
when comparing two sets of signatures, where each set
contains one signature. This is the common case for
most applications.

Bug:13029313
Change-Id: I61883d85960db7b376e234d7abae6149c4d20245
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d5c8044e7e1f1402fdd4a035690329294ab07b33 12-Feb-2014 Nick Kralevich <nnk@google.com> resolved conflicts for merge of 1cbea39f to master

Change-Id: Ib33484546c6a03cbc4cd96e97d9d785d68e10700
dd3d95f182a634acdcc1b1e8e4954234d048eb54 12-Feb-2014 Nick Kralevich <nnk@google.com> resolved conflicts for merge of 4ad93639 to klp-modular-dev-plus-aosp

Change-Id: I7ad222301ec0b863d48a1a9a839469436c385ea0
7b0e2827153752ae51c3ae80746e42ee185e7358 11-Feb-2014 Jeff Sharkey <jsharkey@android.com> Merge "First <provider> always wins."
c6809bb6853c6f055905cbbbf873bbe4066c5d21 11-Feb-2014 Jeff Sharkey <jsharkey@android.com> First <provider> always wins.

In scanPackageLI(), the first provider to claim an authority wins
over any other later providers. To match this behavior, this changes
ProviderIntentResolver to ignore later providers with the same
ComponentName.

Without this behavior, AM.getContentProvider() could end up wedged
waiting for a provider that generateApplicationProvidersLocked()
never decided to spin up.

Bug: 12956224
Change-Id: I37d3e6e9cf3eea2cac4c0e914134f6c83b2fc2bf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
d8efad825df245f0b235a91fdb381b5be8248379 10-Feb-2014 Christopher Tate <ctate@android.com> am 88daefd4: am 379bb6ed: am ff27e6bc: Merge "Use canonical path for /vendor/app"

* commit '88daefd40767695f7e8a67d1d52dfaac2ab6bdb6':
Use canonical path for /vendor/app
88daefd40767695f7e8a67d1d52dfaac2ab6bdb6 08-Feb-2014 Christopher Tate <ctate@android.com> am 379bb6ed: am ff27e6bc: Merge "Use canonical path for /vendor/app"

* commit '379bb6ed4ea4de035569b04018f84d7ce95a8036':
Use canonical path for /vendor/app
8b3e3ecc3d1a0ab45c02e7cb84bc7db856d21f1d 09-Jan-2014 Christopher Tate <ctate@google.com> Update PackageMonitor to recognize new 'replacing' semantics

The ACTION_EXTERNAL_APPLICATIONS_UNAVAILABLE broadcast now uses the
EXTRA_REPLACING intent extra when it is sent as part of an upgrade operation
on a forward-locked application. Update PackageMonitor to recognize this
new information and express it appropriately to the observer.

Bug 11988313

Change-Id: I34dfaa965dd322f4fa8945e7b83c9f2e8cf5269a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
79bea304eababaae0421a0ee563f783faf1638ac 22-Jan-2014 Christopher Tate <ctate@android.com> am 46c95dfc: am b450505c: am a7a9327b: am 5474f085: am 9fc157a4: Merge "FLAG_PRIVILEGED disappears if privileged app is updated and rebooted"

* commit '46c95dfc1009607184ea023921e1f262f38cd61e':
FLAG_PRIVILEGED disappears if privileged app is updated and rebooted
46c95dfc1009607184ea023921e1f262f38cd61e 22-Jan-2014 Christopher Tate <ctate@android.com> am b450505c: am a7a9327b: am 5474f085: am 9fc157a4: Merge "FLAG_PRIVILEGED disappears if privileged app is updated and rebooted"

* commit 'b450505c2e0d0dfd67bc228961a00a6eaaf092df':
FLAG_PRIVILEGED disappears if privileged app is updated and rebooted
509cc13b705f8c488774e7097ab17471c3dacd2e 18-Jan-2014 Jeff Brown <jeffbrown@google.com> am e2c9cd58: Merge "Refactor display manager service to new pattern." into klp-modular-dev

* commit 'e2c9cd583f4f706b48270b8cbe84df627c69af24':
Refactor display manager service to new pattern.
84aa8ab3c6b6cd5fca2a06e47ae29c01b037eed8 17-Jan-2014 Dianne Hackborn <hackbod@google.com> Merge "Add --checkin to package manager dump."
60dc0d97fc0a40caae2fa91fbf296b8ac630d748 17-Jan-2014 Dianne Hackborn <hackbod@google.com> Add --checkin to package manager dump.

Change-Id: Ibafd82f40dd4fa6a5b700a8b6725b007a528a92f
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
4ccb823a9f62e57f9d221f83a97e82967e79a9e5 17-Jan-2014 Jeff Brown <jeffbrown@google.com> Refactor display manager service to new pattern.

Transform DisplayManagerService into a SystemService and start cleaning
up other local services that it uses from window manager and input manager.

Clean up service thread initialization.

Remove unnecessary static variables from ActivityManagerService.

It's starting to become clear that we really need a better way to manage
service dependencies. Boot phases don't quite cut it.

Change-Id: If319dbd7cbfbd4812fe55ece969e818d4b20755b
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
09d30981f8e882ffaa336aa4665bfe348557895a 16-Jan-2014 Jeff Brown <jeffbrown@google.com> resolved conflicts for merge of 6f357d32 to master

Change-Id: I1979e6ed1acddbe656f5010114fd900f10865e75
6f357d3284a833cc50a990e14b39f389b8972254 16-Jan-2014 Jeff Brown <jeffbrown@google.com> Start untangling system server early bootstrapping.

Refactored SystemServer to get rid of a bunch of legacy cruft related
to how the ServerThread used to be started up.

Create system context first when system server starts. This removes
the tangled initialization order dependency that forced us to start
the activity manager service before most anything else.

Moved factory test related constants into the FactoryTest class.

Partially migrated Installer, ActivityManagerService, and
PowerManagerService to the new SystemService pattern. There's more
work to be done here, particularly around the lifecycle of the
power manager.

Bug: 12172368
Change-Id: Ia527dd56e3b3fd90f9eeb41289dbe044921230d4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
08af733f87857dc8fdb83f25554874bd6a561287 08-Jan-2014 Christopher Tate <ctate@google.com> Don't just log this warning; record the situation for posterity

When a previously 3rd-party permission declaration is superseded
by a new system-owned declaration, don't just log; leave a persistent
record of the fact for post-hoc recognition of what happened even
after reboots.

Change-Id: I816a5003f8f8ef2dfbdbfa36316c4bae5005dfbf
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java
49782e46c0eb85a25ae2abcf80880c48dbab5aea 20-Dec-2013 Amith Yamasani <yamasani@google.com> am 9158825f: Move some system services to separate directories

* commit '9158825f9c41869689d6b1786d7c7aa8bdd524ce':
Move some system services to separate directories
9158825f9c41869689d6b1786d7c7aa8bdd524ce 22-Nov-2013 Amith Yamasani <yamasani@google.com> Move some system services to separate directories

Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.

Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerService.java