| cdd685c07504223e37e7831ce592446ec4ac6f6a |
|
22-Aug-2017 |
Svetoslav Ganov <svetoslavganov@google.com> |
Use all certs for computing package signing sha256
In several places we compute the sha256 of the app's signing certificate
(instant cookie storage, backup account permission grants, static shared
lib matching). It is possible that an app is singed with multiple certs
which unfortunately can appear in a random order. We were using only the
first certificate to compute the hash which may be problematic for apps
signed with multiple certs which are later reordered. If an app update's
certs are reordered for cookie storage the app would not be able to
access the cookie, for account grants the app would not get the grant,
and for shared libs the app would fail to install due to a missing lib.
Test: all cookie CTS tests pass
all static shared lib CTS tests pass
added test that cookie data not lost on sha256 computation change
added test that lib install works when specifying
multiple certs
bug:64270295
Change-Id: Ib6b55f25da735ff5c2762faf6e9b5888e749041d
/frameworks/base/services/core/java/com/android/server/accounts/AccountManagerBackupHelper.java
|
| 8cd927d8ea08cba89ac02dfd50ed42b486bd7f53 |
|
28-Mar-2017 |
Fyodor Kupolov <fkupolov@google.com> |
Introduced additional lock - dbLock
Right now it is always used with cacheLock. In the future, we will be
adding optimizations to reduce cacheLock contention by only holding it
when updating the cache.
This change is non-functional and doesn't change the current locking
contract
Test: Manual + AccountManagerServiceTest
Bug: 36485175
Change-Id: Iebc437463958d33b32fc1273a84680c22ac60825
/frameworks/base/services/core/java/com/android/server/accounts/AccountManagerBackupHelper.java
|
| 00de49e20ddb0d8ab5ab2d65e47bf98a040bc97b |
|
23-Sep-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Introduced AccountDb API replacing helpers
Refactored AccountsDb to provide unified interface for interacting with
CE/DE database.
Benefits of the new API:
- Better encapsulation - only relevant methods are exposed.
Implementation details are hidden in private helper classes.
- Clients can now treat CE tables as if they were in DE database, but
only available when the user is unlocked.
- Opening database is now implicit - no more getReadableDatabase
/getWritableDatabase calls. Clients only need to define transaction
boundaries, when necessary.
Test: Refactoring
Bug: 30639520
Change-Id: I08b1fc95b7a633b036e05e8ef7e8ebd239187aa1
/frameworks/base/services/core/java/com/android/server/accounts/AccountManagerBackupHelper.java
|
| 1ce0161e30de2585f67e9c42ad98b33ab0333f46 |
|
26-Aug-2016 |
Fyodor Kupolov <fkupolov@google.com> |
Extracted persistence layer into a separate class
Introduced AccountsDb class and moved all DB-accessing methods there.
The methods are organized by the database:
- DeDatabaseHelper - provides access to accounts_de data
- CeDatabaseHelper - access to accounts_ce
- PreNDatabaseHelper - migration logic from a pre-N single database to two databases in N
- DebugDbHelper - debug table + helper methods
Notable improvements:
- logRecord methods no longer opens SQLiteDatabase (it was actually unused
down in the call chain)
- Clean separation between business and persistence logic - no more
sql statements concatenation in the AMS code.
Test: Refactoring CL.
Bug: 30639520
Change-Id: I41bd1abe47a23efbc735344413f32cbb68a5c8af
/frameworks/base/services/core/java/com/android/server/accounts/AccountManagerBackupHelper.java
|
| 5d09c998a03eea53218c3b3c40e20db1b7693c9c |
|
07-Sep-2016 |
Svet Ganov <svetoslavganov@google.com> |
Backup account access grants
Sync adapters without an account access cannot run until the
user approves the account access (for the case the account
access is not allowed by other policy such as being singed
with the same cert as the authenticator). If the sync adapter
does not have permission to access the account we ask the
user to grant access and take a note. This CL adds backup
for the explicit user grants.
bug:31162498
Change-Id: I31e3f3d010475352c7c54255ac2d3a2fed4d0c72
/frameworks/base/services/core/java/com/android/server/accounts/AccountManagerBackupHelper.java
|