History log of /frameworks/base/core/java/android/os/storage/
Revision Date Author Comments
b4ee5d7b42918e9ad2bf23ecf4bb6c2200f24ae3 22-May-2018 Jeff Sharkey <jsharkey@android.com> Build browse intents based on target user.

SystemUI runs under a single user (user 0), and needs to build
browse intents for secondary users. To accommodate this, the safety
check recently added to buildBrowseIntent() needs to be relaxed
when building for a non-current user.

Bug: 79733193
Test: builds, boots
Change-Id: Icce014bf824d0a0ee15e3d84c34f1c2b73d213c1
1e62b676d92c23475c812023ad2be0ac2bf9250f 15-May-2018 Jerry Zhang <zhangjerry@google.com> Merge "Access removable volumes through /mnt/media_rw" into pi-dev
71938e18ca4ad77519da70565710ef37e79443f8 11-May-2018 Jerry Zhang <zhangjerry@google.com> Access removable volumes through /mnt/media_rw

Due to permissions changes, we now need to access
the underlying filesystem of removable devices in
order to get write access.

Add internalPath to StorageVolume, and have VolumeInfo
set the field on creation.

Bug: 77849654
Test: Can write to emulated sdcard through MTP
Change-Id: I63302ecf2dd2600a1c9f3f6ab106c3695654cbaa
b00d5ea59a5218cde5d7b2e84572f6fd26611f25 01-May-2018 Jeff Sharkey <jsharkey@android.com> Return to modifying raw /mnt/media_rw paths.

We thought we could push everyone through sdcardfs, but secondary
devices mounted in a stable location don't give full write access to
apps holding WRITE_EXTERNAL_STORAGE, so system internals still need
to reach behind sdcardfs.

To keep sdcardfs in the loop about changes that we make behind its
back, we issue access(2) calls which should be enough for it to
invalidate any cached details.

Bug: 74132243
Test: manual
Change-Id: I727cd179a5a825b16ec4df6e2f41a079758d41c5
901c04270f5968137d5c2911c5174003f3e2ecfe 20-Apr-2018 Jeff Sharkey <jsharkey@android.com> Extend adoptable override to force on or off.

Virtual disks are adoptable by default, but for debugging purposes
we want to treat them as unadoptable in some cases. Add the ability
for the "sm" shell command to force on/off, or return to default.

Bug: 77849654, 74132243
Test: manual
Change-Id: Ieda317396624ca081e5dd9568795483f684f9297
46270712917d8e3cdf29af63b290a6ebf4a9b369 02-Apr-2018 Jeff Sharkey <jsharkey@android.com> Update storage wizard to latest UX mocks.

Changes to support Settings updates.

Bug: 76097999
Test: manual
Change-Id: I8944d4cb7be6a406d5cb6be25ff261b7631b3331
ee1661f7cdf912f492023a75afa5178cde4a69ec 30-Mar-2018 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Handle public volumes and otherwise invalid UUIDs." into pi-dev
18f325012d1c807f2b0a9c577868722cc5fe4252 29-Mar-2018 Jeff Sharkey <jsharkey@android.com> Handle public volumes and otherwise invalid UUIDs.

Public volumes have short UUIDs (which aren't valid 128-bit UUIDs),
so we can't pass them around. Even if they were valid UUIDs, we
don't handle clearing cached data on them, and they most likely
don't support fallocate(), so don't match them.

Test: manual
Bug: 74132243
Change-Id: Ib855eb869a86392e96ced94a9926c0b32b87e57e
18bbed586595cd6bb4c77d5edac03316bb3a5645 29-Mar-2018 Jeff Sharkey <jsharkey@android.com> Only return internal path when not visible.

When a volume is visible (wrapped in sdcardfs), we need all file
operations to go through that sdcardfs layer to keep it in sync.

Test: manual
Bug: 73922090
Change-Id: I14f1f4743f470a6cbc78030e1ea8411f9910a5b9
0000d8aef85058d290527efd452bd3ac7bc09804 27-Mar-2018 Jeff Sharkey <jsharkey@android.com> Public volumes only browsable by mounting user.

We can't browse public volumes mounted for a different user, so don't
return an Intent claiming that we can, since it'll just fail.

Test: manual
Bug: 74056525
Change-Id: Iba4e52c2672258b981d2912875e55949bb35e310
d1257462c2c8e611fe2c52739d4d3cf5a676ea37 27-Mar-2018 Jeff Sharkey <jsharkey@android.com> Public volumes are only visible to mounted user.

New lower-level security fixes are blocking access, so make these
upper-level APIs reflect those properties.

Test: manual
Bug: 68857050
Change-Id: I81160755180f4f419d8577ea1f18a6ece10c560c
841fd43338d17d730c3464f33536e424d63b6578 01-Mar-2018 Rubin Xu <rubinxu@google.com> Stop invoking secdiscard when deleting password data

secdiscard never works on recent devices; stop calling it to
reduce the false SELinux denial messages. Just logically
zeroize the data before unlinking it.

Bug: 62140539
Test: flash device; change PIN; observe no SELinux error messages.
Change-Id: I5f47fc81735a7d9995c2da9e52a25ae903db3ced
0095a82b14e22cb5283abf210d1e7f106f53aca5 15-Feb-2018 Jeff Sharkey <jsharkey@android.com> Grant DCS storage access; better OBB errors.

DCS had been relying on the WRITE_MEDIA_STORAGE permission to access
OBBs on external storage, but that permission has been locked down,
and we need to use the real WRITE_EXTERNAL_STORAGE permission now.

Rework the OBB error reporting flow to bubble exact error codes up
from internals, so that we can return expected CTS error codes.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 73424392
Change-Id: Iecbc4132745d56ebf081868ad2f9c3efe1e3735f
ad357d1839760849fcbcb8cbdce34003e8831acd 02-Feb-2018 Jeff Sharkey <jsharkey@android.com> Pass in the user defined by Context.

The majority of Manager-style classes already use Context.getUserId()
when making calls into the OS, so clean up the remaining callers to
unify behind this strategy.

This gives @SystemApi developers a nice clean interface to interact
across user boundaries, instead of manually adding "AsUser" or
"ForUser" method variants, which would quickly become unsustainable.

Test: builds, boots
Bug: 72863821
Exempt-From-Owner-Approval: trivial changes
Change-Id: Ib772ec4438e57a2ad4950821b9432f9842998451
12e15cc6ed0ebe29c1822945172c30864feb6c58 12-Jan-2018 Felipe Leme <felipeal@google.com> Created hidden constants and metrics for ScopedAccessProvider.

Test: echo 'Not yet!'
Bug: 63720392

Change-Id: I811cde225fdcf5271fda9b357da742e408de0627
55fe0d06869926481c1d32f1d6b4e497868c63c4 08-Jan-2018 Jeff Sharkey <jsharkey@android.com> Wire up reserved blocks presence for tests.

This is how we tell CTS if the device has reserved blocks set aside
for system critical services.

Test: builds, boots
Bug: 62024591
Change-Id: Ib970554235b49346f9e9df7d3d1646beb168cd92
9f2dc0527e755743c3b13fb27f68e5c425276106 08-Jan-2018 Jeff Sharkey <jsharkey@android.com> Add DataUnit to clarify SI-vs-IEC units.

Mirrors the design of TimeUnit and ChronoUnit which many developers
are already familiar with, making it easy to pick up and use.

Yes, this is an enum.

Bug: 70915728
Test: bit FrameworksCoreTests:android.util.DataUnitTest
Change-Id: Id0cfdac5c81ed89c3c9ece23c964acba4a4f8471
8eb783b21e38b15e41a8268d6b08f24bc62bc21f 05-Jan-2018 Jeff Sharkey <jsharkey@android.com> FBE devices now fully support adoptable storage.

We've finished all the underlying work to support adoptable storage
on FBE devices, so remove the code that was disabling it by default.

Introduce feature flag to make it easier to detect devices that
support adoptable storage.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 29923055, 25861755, 33252673, 37289651
Change-Id: I3630d690c9e66c7e41e316a4263ea2eb1e752ad3
bef82eda3a9531da62a0745694d862a874b0cde9 03-Jan-2018 hj.seo <hj.seo@lge.com> Merge "Modify getting of primary storage size" am: 1c876b73b3 am: f8adea8255
am: 35d0ac5e07

Change-Id: I9ba0f6ac701174a1d6cdfdbc5008d40715295546
e82e89ef9033f02489503196df6da0654ae007be 20-Dec-2017 hj.seo <hj.seo@lge.com> Modify getting of primary storage size

Settings application shows internal storage size using API getTotalBytes in StorageStatsManager.
This API calls getPrimaryStorageSize() in StorageManager.
getPrimaryStorageSize() returns /data partition size calculated API roundStorageSize() in FileUtils.
Using this API, total primary storage size returns 8GB if 16GB emmc size device has /data partition size below 8GB.
So we should modify getting of primary storage size close to real emmc size.
getPrimaryStorageSize() will be calculated sum of /data and /system partition size.

Test: Check primary storage size in Settings application

Change-Id: I3ad33534b1c55d09afbb0e9be1c408c02c442842
Signed-off-by: hj.seo <hj.seo@lge.com>
f9c5c2574d95b6d233ebae8beae110f4e15c52c5 17-Aug-2017 Jerry Zhang <zhangjerry@google.com> Add MtpStorageManager for monitoring filesystem events

MtpStorageManager keeps track of file information and
send notifications for new files. MtpDatabase now uses
this instead of MediaProvider for getting object information,
although some operations are still reflected into MP.

Since MtpStorageManager handles storage ids, remove
that field from StorageVolume and VolumeInfo.

Clean up a lot of the jni code for MtpDatabase.

Bug: 63143623
Test: Test every MtpOperation in a variety of situations on Linux and
Windows. Also use the shell to manipulate files. Verify that the cache
is consistent throughout, and the operations behave as expected. Verify
files created by the shell appear.
Test: adb shell am instrument -w android.mtp /android.support.test.runner.AndroidJUnitRunner
Change-Id: Id4ea810047b0c323399cd833047733e5daafb30a
ce8db9911494225fcd99711d7df85a130de5a6ce 14-Dec-2017 Jeff Sharkey <jsharkey@android.com> Add more IntDef prefixes for auto-documenting.

Test: builds, boots
Bug: 70177949
Exempt-From-Owner-Approval: annotation-only changes
Change-Id: I76dde6054e06f52240bd4b1a0f196dcb74623608
ae266468241d7b62bce71c371383c8dfa95a3bb0 27-Nov-2017 Jeff Sharkey <jsharkey@android.com> Skip FDE-specific operations, mkdir() throwing.

vold already complains about calls that are FDE specific, which
results in a lot of wtf() noise, so skip those operations outright.

Throw from failed mkdir() back to caller instead of wtf().

Test: builds, boots
Bug: 68736572, 68736551
Change-Id: I4dc06bdedacd2b66a1e7ae8e1434b194a875a756
a85b9919f5aa284347ea8d0bac4d1ec3242c208c 18-Oct-2017 Jin Qian <jinqian@google.com> Add entry points to invoke idle maintenance from vold

Test: adb shell sm idle-maint [run|abort]
Bug: 67776637
Change-Id: Ibc686a318f6f79a4f8303f56451bc1d573d829e8
7e19f53f75386eab289a2ddf33dd6619775d6f21 06-Nov-2017 Jeff Sharkey <jsharkey@android.com> Abort long-running benchmarks, report progress.

A typical storage device finishes the benchmark in under 10 seconds,
but some extremely slow devices can take minutes, resulting in a
confusing UX that looks like we've frozen. Even worse, we keep
churning through all that I/O even though we know the device will
blow past our user-warning threshold.

So periodically check if we've timed out, and also use that to report
progress up into the Settings UI.

Test: manual
Bug: 62201209, 65639764, 67055204
Change-Id: Id28e63a7ea1476d83184abab5aea737a1d193f3a
f8bb2445ff28d64d12d81d91539bb419f69e7874 22-Sep-2017 Jeff Sharkey <jsharkey@android.com> Finish removing ASEC.

Awhile back we explicitly blocked any new ASEC installs, with the
expectation that we'd eventually remove the logic entirely. We've
had them disabled for about a week now without incident, so let's
rip out the remaining code.

Test: bit FrameworksCoreTests:android.content.pm.PackageHelperTests
Test: bit FrameworksCoreTests:android.content.pm.PackageManagerTests
Bug: 32913676
Change-Id: I1ecc35487420731f5c4bdf03bca5751548ce51b3
b302c54f11d5468100c566fba8e70d8614490e1a 15-Sep-2017 Jeff Sharkey <jsharkey@android.com> Move long-running calls to async with listeners.

Now that we're using Binder, we can have callers provide explicit
listeners for every request instead of trying to squeeze them all
into unsolicited socket events.

Move benchmarking to be async to avoid blocking other commands for
up to several minutes. Remove post-trim benchmarking flag, since
benchmarking now requires a separate callback. Will bring back in
a future CL.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: adb shell sm fstrim
Bug: 62201209, 13758960
Change-Id: I26f76c66734ac2fd0f64713b8ab9828430499019
8058fe691c986b5f4385f08467308ffe060ee0ad 13-Sep-2017 Jeff Sharkey <jsharkey@android.com> Move unsolicited vold events to Binder.

Create IVoldListener and move most unsolicited vold events over to
this new interface. The remaining events will be routed through
method-specific listeners instead of a global one.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I492dacfaf98eeb66868b2cf7dfa27d84f6710948
43e12114d495e35fba1a15beea2f30b58046208b 13-Sep-2017 Jeff Sharkey <jsharkey@android.com> Move all crypto commands over to Binder.

Prefix FDE related commands with "fde" to make it clear which devices
they apply to. This will also make it easier to remove once FDE
is fully deprecated in a future release.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I6a9f7a47267d2464257d8066aa37353ec5741974
41cd681ff8de59babf915a3f48b4a848dd39a754 11-Sep-2017 Jeff Sharkey <jsharkey@android.com> Move even more vold commands over to Binder.

This moves fstrim, obb and appfuse commands over to the new Binder
interface. This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I4de45889828a9ab9858cc7c4f094a90eaff10f96
ace874b15bdfb5fa74c33c709bcfa37022579797 07-Sep-2017 Jeff Sharkey <jsharkey@android.com> Move "volume" commands over to Binder.

Keep the old socket-based commands intact for awhile so we can
rapidly disable this change using the ENABLE_BINDER feature flag.

Define constants in AIDL to keep Java and C++ in sync.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 13758960
Change-Id: Ie0d917c921b0b826e6bdf55a5d678b247ef352a6
67f9d5070a74a0bf34f0335899a96dedcac26c96 05-Aug-2017 Jeff Sharkey <jsharkey@android.com> Fix broken javadocs.

Bug: 64337634
Test: make -j32 doc-comment-check-docs
Change-Id: I20fdd3dcddef09111d35946c41c596c7689effa6
4233f032fd41e82d1ce09b48860f8ae3f73fa5e0 15-Jul-2017 Jeff Sharkey <jsharkey@android.com> Test if allocation supported; @removed clean up.

SM.allocateBytes() doesn't offer a clear way to detect if a failed
request could ever succeed. (For example, we can never work with
pipes, or files on an unsupported storage device.) So give
developers a first-class API to test if allocation is supported.

If the underlying filesystem doesn't support fallocate(), fall back
to ftruncate() instead of failing completely.

Clean up @removed APIs that were refactored during API 26 review.

Remove support for storing downloads on the /cache partition, which
doesn't exist on many devices.

Bug: 63057877
Test: bit DownloadProviderTests:*
Test: bit DocumentsUITests:com.android.documentsui.services.CopyJobTest
Test: bit DocumentsUITests:com.android.documentsui.services.MoveJobTest
Change-Id: I85d42a1a7240034b4f2a6f359011ac182bdce36e
a65e6491e4aa90611045ecf696db4bf3328d09bc 21-Jun-2017 Jeff Sharkey <jsharkey@android.com> Progress towards FBE and adoptable storage.

Offer to adopt storage devices on FBE devices, but keep it guarded
behind a system property for now, since we still need to work out key
storage details.

Verify that all users are unlocked before moving apps or shared
storage. We only need them to be unlocked; we don't need them to
be actually running.

Have PackageManager dump the set of volumes that it's finished
scanning and loading, since otherwise CTS can get excited and race
too far ahead of it. Add a specific error code to communicate
that users are locked.

Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 37436961, 29923055, 25861755, 30230655
Change-Id: I749dc3d8148e1a95d8bc4be56665253ef826d3fe
10e0b425bc3d23a7bec92e1eed49cbdd5f05fc78 13-Jun-2017 Jeff Sharkey <jsharkey@google.com> Merge "Improve developer docs for storage APIs." into oc-dev am: 05b52d8ba5
am: f96c9a0fa2

Change-Id: Ifef4156412f88e1d7bc3d8bbccaca6d0177c7245
35e46d297255363a20ccde62af3c58c4ce3c13c5 09-Jun-2017 Jeff Sharkey <jsharkey@android.com> Active camera apps can defy reserved cache space.

We normally prevent apps from allocating into the "reserved" cache
space, but this change makes an exception for an active camera app,
since the user is probably trying to capture an important memory.

This change only lets the active camera app clear up to half of the
reserved space, since we don't want to completely destroy the
experience of all other apps.

Test: manual app before/during/after active camera session
Bug: 38267830
Change-Id: Ie9e63884fb2638ca881e10b894629eea84601648
b31afd22737e847280213878cd94872055871654 12-Jun-2017 Jeff Sharkey <jsharkey@android.com> Improve developer docs for storage APIs.

No code changes; only docs.

Test: builds
Bug: 38508833, 37987197, 37978296
Change-Id: Idfeb680480b2f818d18f787cbf20ceab896763a2
2063e4f6ba6cb606db3dfd5b67927ec36ea78f68 07-Jun-2017 Jeff Sharkey <jsharkey@android.com> Remove old FUSE bypass now that we have sdcardfs.

This forces everyone to go through sdcardfs, instead of letting them
around the back door.

Test: builds, boots
Bug: 38231314, 27992761
Change-Id: I97b24d25599c7f86f9b535689e2f4ecf68261dac
bfc4fcde9f756337fc8d0867ff04549b08688fff 06-Jun-2017 Jeff Sharkey <jsharkey@android.com> Give Doclava our manifest; more permission docs.

We've seen some @SystemApi methods protected with non-system
permissions, so give Doclava the platform AndroidManifest.xml so it
can parse the actual permission protection levels to look for APIs
that are letting in non-system apps.

Also document more @SystemApi permissions.

This is purely a docs change; no logic changes are being made.

Test: make -j32 update-api
Bug: 62263906
Change-Id: Ie0f0a5fb0033817bcc95060f2183a52ae4ae7b06
d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072 03-Jun-2017 Jeff Sharkey <jsharkey@android.com> Annotate @SystemApi with required permissions.

Most @SystemApi methods should be protected with system (or higher)
permissions, so annotate common methods with @RequiresPermission to
make automatic verification easier.

Verification is really only relevant when calling into system
services (where permissions checking can happen on the other side of
a Binder call), so annotate managers with the new @SystemService
annotation, which is now automatically documented.

This is purely a docs change; no logic changes are being made.

Test: make -j32 update-api && make -j32 offline-sdk-docs
Bug: 62263906
Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
ddff807b762a8a455287abc97aea8f97b98fb104 26-May-2017 Jeff Sharkey <jsharkey@android.com> Consistent "low storage" behavior.

When answering the question "how much space is free", use the same
logic for Settings UI and StorageManager.getAllocatableBytes(). That
is, the reported free space is usable bytes plus any cached data the
system is willing to delete automatically.

This does *not* include any reserved cache space, since we don't want
abusive apps to penalize other well-behaved apps that are storing
their data in cache locations. Callers freeing cached data need to
now explicitly request defiance of the reserved cache space. (Most
callers are already doing this by using FLAG_ALLOCATE_AGGRESSIVE.)

Rewrite the core logic of DeviceStorageMonitorService to understand
this new "reserved" cache space, and to be easier to understand. It
also now handles cached data on adopted storage volumes, which had
been ignored until now. Also fix bug where we had skipped "low"
broadcasts when the device skipped directly from/to "full" state.

Bug: 38008706
Test: cts-tradefed run commandAndExit cts-dev -m CtsJobSchedulerTestCases -t android.jobscheduler.cts.StorageConstraintTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Change-Id: Icbdcf3b52775f7ada1ceaeff2f96094c8d8052f9
ee67b61bb08ab09be413f181f948f6359f4c256d 27-Apr-2017 Rubin Xu <rubinxu@google.com> Invoke BLKSECDISCARD to securely delete sensitive data

Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.

Change-Id: I247bd1f095dd27335e671981f9e2d77e149af84f
Merged-In: I247bd1f095dd27335e671981f9e2d77e149af84f
4315c1e3d541912eb13ec6a7e0873fb8896f878f 28-Apr-2017 Jeff Sharkey <jsharkey@google.com> Merge "@hide non-Handler variant of SM.openProxyFileDescriptor" into oc-dev
2443a091b1dd379f6a3732b57299ac1690cbcd5a 28-Apr-2017 Daichi Hirono <hirono@google.com> @hide non-Handler variant of SM.openProxyFileDescriptor

Bug: 37749462
Test: Build succeeded
Change-Id: I2e3d0cf9e219353eae4dae384c93d99b9ef60ea9
a4d34d971c9566a162a53e6b027ba2bc341ae5b4 27-Apr-2017 Jeff Sharkey <jsharkey@android.com> Respond to API council feedback.

Move aggressive allocation to @SystemApi, which means we can hide
the "flags" API variants.

Remove UUID APIs, since we should use existing Serializable APIs.

Relax permission checks to allow apps to ask for their own stats.

Improve docs.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 37534687, 37534941, 37718184, 37738770
Change-Id: I6a763fb3ab3169c8d3329765bb31e1ee08d9ced7
4b32f7c676e014c3d59aac280be6a159cef3d4b8 21-Apr-2017 Jeff Sharkey <jsharkey@google.com> Merge "Fix code accounting bugs, track external app data." into oc-dev
60a82cd4c29ade3e03ac0d1305e701471e40b7cf 19-Apr-2017 Jeff Sharkey <jsharkey@android.com> Flesh out more API docs.

Flesh out docs for Context.getCacheDir(), Intent.addFlags(),
Intent.removeFlags(), and PackageManager.setApplicationCategoryHint().

Test: builds, boots
Bug: 37470473, 37327774, 35812899
Change-Id: Ided031185258a89c3e275d65c162d537065ad49e
0034788844fd053f87beee60092c1dd44c7046e2 18-Apr-2017 Jeff Sharkey <jsharkey@android.com> Fix code accounting bugs, track external app data.

When counting code size, don't include APKs baked into the system.

Settings already accounts external storage used by apps, so they
need a way to exclude that from the total space used by external
storage; give them new getAppSize() API.

Refine docs to explain that emulated storage might be included in
measured statistics.

Resolve symlinks as part of matching getUuidForPath().

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 35812899, 35844919, 37193650
Change-Id: Iec3ce8b336b71dc98a7d25fdd30fa78e9ee826dc
789a8fc792725e4988ff43d554b3c8c037c41921 16-Apr-2017 Jeff Sharkey <jsharkey@android.com> Storage API polishing.

Based on API council feedback, switch to using real UUID objects
instead of Strings. Since UUID is a general-purpose utility class
that will be passed around quite a bit, add it to Parcel and Bundle.

Define well-known namespaced UUID values for "default" and "primary
physical" storage devices, which will let us annotate a bunch of
things with @NonNull.

Define new extras for MANAGE_STORAGE intent that apps can use to
signal where and how much space they'd like the user to free up.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 37325923, 35812899, 35806020
Change-Id: I8421b126d680f69141a361c1e77223fe2bf4a325
24403ff054f5c3086d297cafb8e928f3ac7c2f5b 04-Apr-2017 Jeff Sharkey <jsharkey@android.com> Just round up the data partition size.

Instead of trying to be clever by poking at underlying flash part
sizes, rely on the fact that device storage printed on retail
packaging is a power-of-two value.

For a typical device with a 23GiB data partition, this will return
a value of "32GB" which matches the retail packaging.

Test: builds, boots
Bug: 34827187
Change-Id: Ib4cf7f637dffc9238252e1fedcd86dc8b5cf656d
812c95d37dccf8a1fcef55c6999c6d69ecbac400 08-Feb-2017 Daichi Hirono <hirono@google.com> Allow apps to process ProxyFDCallback asynchronously.

Previously callback methods of ProxyFileDescriptorCallback were invoked
on a background thread prepared in the framework. So all methods were
invoked and processed synchronously. This was a problem because if it took
time to fetch bytes of one file, operations for other files were also

The CL changes ProxyFileDescriptorCallback methods to be invoked on
Handler passed by apps. Now application can prepare a Handler per file
so that one file does not block others.

Bug: 35229514
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_async
Change-Id: Ibadc4aad4c0373a3da586459a8f775e40288c895
(cherry picked from commit 4f156065c860d916b649e2b464e9405cafc732e9)
e53e2d9576cbcf6fc2bd9c8674e162bef7297226 26-Mar-2017 Jeff Sharkey <jsharkey@android.com> Add a new "virtual disk" feature.

It's extremely difficult to test storage related logic on devices
that don't have physical SD card slots. So to support better
debugging and testing, add a new "virtual disk" feature which mounts
a 512MB file through loop device.

Also move ParcelFileDescriptor.open() over to using Os.open() so
that it gets StrictMode treatment.

Bug: 34903607
Test: builds, boots, virtual disk works
Change-Id: I072a3a412cfcc8a2a3472919b7273a1ed794fd98
b5a35b8181fc1fc0d854b69e42d277b89d87ad53 23-Mar-2017 Jeff Sharkey <jsharkey@android.com> Refactor cache behavior from "atomic" to "group".

Using the word "atomic" has too much baggage relating to locking
guarantees, so move to something softer.

Add isQuotaSupported() for CTS tests.

Move CacheQuotaStrategy over to using SparseLongArray, which has a
more efficient memory footprint inside the system server.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 35812899, 35684969, 36482620
Change-Id: I894f53e6f3bc76c77d1bb18c51db14833df14a49
104b932b7b84e4d4dda51b187615d79e2559ebca 14-Mar-2017 Felipe Leme <felipeal@google.com> Fixed obsolete TODOs.

Test: not needed
Bug: 35395043
Bug: 26742218

Change-Id: I0e5adb574610374055a6546b66529a7aed7cc413
2277480ef2b2263c4418f9096f88a8edb0408efa 08-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add metric for openProxyFileDescriptor."
d61817e07fc6dc6911ab097697dcae698e832b7a 13-Feb-2017 Daichi Hirono <hirono@google.com> Add metric for openProxyFileDescriptor.

Bug: 35300828
Test: None
Change-Id: I5175a8ab51ef4d93d032777a71295874a1189969
09734df8bc5a2b788c923ec1a8b78e4cb67f5e70 08-Mar-2017 Jeff Sharkey <jsharkey@android.com> Grumble, nobody likes kibibytes.

All the cool kids are using storage in increments of 1000 instead
of 1024, so find a balance somewhere between the two. We still round
to nice values like 32GB, 64GB, etc, but we represent them using
kilobytes under the hood.

Test: runtest -x frameworks/base/core/tests/coretests/src/android/os/FileUtilsTest.java
Bug: 28327846
Change-Id: I573aea43790816291e2b5c784b344b51b4444c06
5d3b37b947ea55901cd19bd058f5379736c31c47 01-Mar-2017 Garfield Tan <xutan@google.com> Remove DocumentsContract.ACTION_BROWSE.

Test: It builds.
Bug: 35760993
Change-Id: Icdd125d6e6329f703c4682b47b5b9fb80d7e1f27
458428ea6633e6000b453ef272c13823f5d02fe5 22-Feb-2017 Jeff Sharkey <jsharkey@android.com> Split cache clearing into two phases.

Use newly defined "V2_DEFY_QUOTA" flag to split cache clearing into
two phases: clearing data for apps above their quotas, and then
pushing deeper by clearing data for apps below their quotas.

Add placeholder comments for other data types that we're planning to
add shortly. Route all clearing behavior through this new method,
which remains guarded behind a flag for now.

Test: builds, boots
Bug: 34692014
Change-Id: I678d7b4e2bf6c837dd8a9adbc36a53015907f75f
d5d5e926eb8ff2541a845d6a5657cee5e5c6e7b6 21-Feb-2017 Jeff Sharkey <jsharkey@android.com> Clear cache space when allocating bytes.

Fleshes out remainder of allocation implementation, where we offer
to clear cached data to satisfy the allocation request. To prevent
abuse, we never let apps allocate into either the minimum cache space
or low storage space.

Clean up quota APIs to require the caller to pass in the path they're
interested in, and we resolve the underlying filesystem for them.

Defines settings that can be used to tweak the minimum cache space.

Test: builds, boots
Bug: 34690590
Change-Id: I85bc07399f91ee4aa568a8a54c615646bf748ad4
500ce9ea58a6c3465703257eab03f9bad76b1e0a 12-Feb-2017 Jeff Sharkey <jsharkey@android.com> Explicit API for allocating disk space.

Now that we're giving apps better guidance around how much cached
disk space they can use, we also need to provide a way to help clear
some of those cached files. The final logic is coming in a future
CL, but it will be designed to prevent abuse.

Test: newly added CTS tests
Bug: 34690590
Change-Id: I1e46ade0cdabbc33162fc7bfa76abec711992f92
9bed070b0910aad8c5800cec731058911d20c3d3 24-Jan-2017 Jeff Sharkey <jsharkey@android.com> More APIs for cache status and behavior.

Add APIs for apps to query their cache usage compared to their
currently allocated quota. Since an app's private storage may live
on a different storage volume than the primary shared/external
storage, offer APIs to retrieve those values separately.

Add APIs to control two new cache purging behaviors:

-- setCacheBehaviorAtomic() which causes a marked directory and its
contents to be treated as an atomic unit.
-- setCacheBehaviorTombstone() which causes the OS to truncate
files instead of deleting them.

Test: builds, boots
Bug: 33811826, 33965858, 27948817
Change-Id: I45de165623775c359f78b4ee544c2b5831b8d483
baa011685404ab5512e0b0724f07e7c98648d8ab 16-Nov-2016 Daichi Hirono <hirono@google.com> Remove StorageManager#mountAppFuse hidden API.

The API should be replaced with StorageManager#openProxyFileDescriptor.

Bug: 32891253
Test: build
Change-Id: Ibbf8b64f3a39900a1f05a52132aa931491d6fd48
500bffdba9e3b08abd26627af49ecc89a58c07ff 17-Jan-2017 Daichi Hirono <hirono@google.com> Publish StorageManager#openProxyFileDescriptor API.

Bug: 29970149
Test: Build succeeded
Change-Id: I1606b184968839fb99744387dcc058f15f6521c8
9fb00183a04036a58ee208f5bfd6c9768982f0aa 08-Nov-2016 Daichi Hirono <hirono@google.com> Add StorageManager#openProxyFileDescriptor.

The CL:

* Adds StorageManager#openProxyFileDescriptor API.
* Turns IProxyFileDescriptorCallback into a class so that it can provide
default implementations.
* Removes mActive state from FuseAppLoop, because the state will be managed at
the MountService side.
* Adds StorageManagerIntegrationTest to check if FUSE is correctly mounted or
not. Since it's implementation details, CTS does not help to test the

Test: StorageManagerIntegrationTest
Bug: 29970149

Change-Id: Id78dd4abcf9325820e9c77c264f54bfa77b85a92
bede012069321f7e1a264ac3ed55f45f39102627 09-Jan-2017 Alex Naidis <alex.naidis@linux.com> Merge "StorageManager: Improve exception handling" am: cf3a4a68bd am: 545cf37844 am: edca8aa3a8
am: 32dfe8c611

Change-Id: I5faf99bd2b4425f1615419de43f247f78d74108b
19d9c2d03c478c755eddbe7ac55d0dc778f332fd 04-Jan-2017 Alex Naidis <alex.naidis@linux.com> StorageManager: Improve exception handling

When "getPrimaryStorageSize" provides a path
to "readLong", the option that the path
doesn't exist is expected, since it tries
until there is success.

This patch makes us catch the "FileNotFoundException"
and "NumberFormatException" separately.

For the above reason a "FileNotFoundException"
is now treated as information only.
The "NumberFormatException" and other exceptions
are now treated as error since those are not
expected to happen.

Change-Id: I5316f9c3108e36c31b27dc5df8bf8ac4d4257629
Signed-off-by: Alex Naidis <alex.naidis@linux.com>
c0d3f0ed524bad773f6d61082a07f062d53b27a0 11-Oct-2016 Felipe Leme <felipeal@google.com> Dumps total size of primary storage.

BUG: 32069168
Test: manual verification

(cherry picked from commit 281389ac5475e483d10a2e8aa31195b9e9875246)

Change-Id: If5dee52a99c03a00dada22736c09d953dc0b66d1
31d0b7043d9077ad8a0ebfbd6ff2f98621e6f413 21-Nov-2016 Jeff Sharkey <jsharkey@android.com> Add 'fstrim' command for use from shell.

Test: builds, boots, new command works
Bug: 20948199
Change-Id: If7b122a6c98a4ce2a2f38e545015a22decd1b516
2250d56a0b47b93016018340c8f4040325aa5611 08-Nov-2016 Sudheer Shanka <sudheersai@google.com> Rename MountService to StorageManagerService.

Bug: 30977067
Test: Existing tests pass
Change-Id: Ieac0f11c2b249dcd60441b14c1f391e6f8131d42
92b96ba8fc51fab4f146900089a82415c01103aa 01-Nov-2016 Garfield Tan <xutan@google.com> Add internal support to convert a file system path to document URI.

Test: Manual tested with a new sample app in development/samples.

Bug: 30261615
Change-Id: I498a22b248fbc55b33d3efb4aa3183207cfb7bab
6e9dedaa74ed8109360fd174d0a3b1c85d0f9b21 04-Nov-2016 Sudheer Shanka <sudheersai@google.com> Merge "Fix IMountService transaction ids."
34b33887a17a312167666be217a0f521236b393d 01-Nov-2016 Sudheer Shanka <sudheersai@google.com> Fix IMountService transaction ids.

- (IBinder.FIRST_CALL_TRANSACTION=1) is added to the specified
transaction codes during binder generation. Correct the
IMountService transaction ids taking this into account.
- Update interface descriptors in MountService related native code.
- Add proxy implementations for IMountServiceListener and

Bug: 30977067
Test: Verified that calls from native code to IMountService system
service are working and listeners in native code can get the
callbacks correctly.
Change-Id: I9bef9a8113e92d8b36e963bd961ac858acac3f2a
e5a8a17ed2bb3ecf9665bcbc2232774f7f5d89f4 29-Oct-2016 Steve McKay <smckay@google.com> Remove the EXTRA_FANCY_FEATURES flag...

Which is no longer necessary.

Test: build and run.

Change-Id: I515c4a1bf78cbf4d54304bf4ebe1059a596c95a0
428868c1f04fa1a6d9220afac5117d0207355fb1 28-Oct-2016 Sudheer Shanka <sudheersai@google.com> Merge "Move IMountService to aidl."
f73411428046e1a380d242274d7191ce602a38be 19-Oct-2016 Sudheer Shanka <sudheersai@google.com> Move IMountService to aidl.

Bug: 30977067
Test: Existing tests passing.
Change-Id: Icadfdcbc79708d3826b4e11afe35f5963aabcd4c
281389ac5475e483d10a2e8aa31195b9e9875246 11-Oct-2016 Felipe Leme <felipeal@google.com> Dumps total size of primary storage.

BUG: 32069168
Test: manual verification
Change-Id: Id319730182eb1e35cd515ab89a14b97654ace599
46e2afec48e44d2d24f97fd49d3042f8869040e6 11-Oct-2016 Jeff Sharkey <jsharkey@android.com> Set MIME type when building BROWSE intents. am: 42a4aaab44 am: ac184d3c46
am: 6f5f03b8c1

Change-Id: Iab359d3b375db98986adf9314b6bec7530326381
42a4aaab44de53ff692277d0fff74120c23724b8 10-Oct-2016 Jeff Sharkey <jsharkey@android.com> Set MIME type when building BROWSE intents.

If we created a BROWSE PendingIntent early during boot (while the
device was still locked), we would resolve the MIME type as "null"
meaning the intent would fail to launch.

Since we always know what the MIME type will be, set it explicitly.

Test: boot device while USB device attached
Bug: 30742481
Change-Id: I23c523cbe2660ca63a3b7df1f41300ab803b314c
aa67f684ff43c81e3280c846245ec6ebe907787e 20-Sep-2016 John Reck <jreck@google.com> Fix a bunch of repeated reads of a ro.* property

SystemProperties.get() is not particularly fast,
especially if a string is returned. Since ro.* values
are unable to be changed, there's no need to
continuously re-query them. Cache the value at
static init time to trivially fix this.

Test: refactoring CL.
Change-Id: Iccb021d3cb2ba3a4a1d0048ddec6811bb7409eec
6dcbcc9f9b62fc887576a49fa43b5d887eab99b3 22-Aug-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Remove EXTRA_SHOW_FILESIZE."
0a38e2318b809dfbd4704705fcf3410d542edfe3 22-Aug-2016 Steve McKay <smckay@google.com> Remove EXTRA_SHOW_FILESIZE.

DocumentsUI will always show size.

Bug: 31016724

Change-Id: I19150332529c4699f00f7f239f775e89025f1c3f
49ca529a850e60482ddcc8c0762105b4aa10f35f 10-May-2016 Jeff Sharkey <jsharkey@android.com> Avoid caching services with missing binders.

When fetching system services early during boot, if the underlying
binder interface hasn't been published yet, we end up caching a
manager class that is broken for the remainder of the process
lifetime, and innocent downstream callers end up using the broken
cached manager.

Fix this by using an explicit exception to quickly abort manager
creation when the underlying binder is missing. The exception is
only used to skip the remainder of the manager creation, and it
doesn't actually crash the process.

Bug: 28634953
Change-Id: I0cb62261e6d6833660704b93a11185aa11a2ac97
179923a6117ebea8be46520ef5d63eacbc3465fd 19-Jul-2016 Felipe Leme <felipeal@google.com> Improved storage size detection.

The total storage size was calculated by reading and multiplying the
contents of /sys/block/mmcblk0/size and

On some devices, such calculation doesn't work because:

1. The primary block is not /sys/block/mmcblk0.
2. The sector size is not the right value to use.

These 2 issues are temporarily addressed by providing alternative
primary blocks and hardcoding the size (512 bytes). In the long term,
the size should be calculated by vold, so each device could provide its
own calculation if necessary.

BUG: 30216622
Change-Id: I8f9a9f4f753d3c92bab9257062b61ed2b9d665c5
Fixes: 24128505
690346b145b77b13951fbf27cbc792195f975b6a 17-Jun-2016 Daniel Nishi <dhnishi@google.com> Use the Deletion Helper when system storage is low.

A notification is posted when the system storage gets too low.
Currently, it redirects into the Storage Settings. Instead,
it should redirect into the Deletion Helper to directly let the
user clear out their storage.

Bug: 29437277
Change-Id: I4e35adf300d5e479d4171f1e6f090f2a757400f2
18202e00bd2f8bc6e197cbad02d17ab0510b68cd 12-May-2016 Felipe Leme <felipeal@google.com> Added a getPrimaryStorageSize() method.

BUG: 24128505

Change-Id: I0b75d3c5505dadedf5d06868614b3a01765cc5d3

** Cherrypicked from master **
4815ed4500ac5480a6843a8cd7a6a3518ffddf4a 26-May-2016 Jeff Sharkey <jsharkey@android.com> Cache IMountService for isUserKeyUnlocked() calls.

This avoids doing a ServiceManager lookup for every call through
this hot code-path.

Bug: 28946245
Change-Id: I210ce34b33e5b40a5ab4e92ddce87fc5e9964be2
cc70155f3bf18341296aaa2163bd2e7df6997b11 17-May-2016 Paul Crowley <paulcrowley@google.com> Two phases to set the password for disk encryption

Revert "Revert "Two phases to set the password for disk encryption""

This reverts commit a1eb750e75ff7c7ef7698deed4442449c33334c8.

Bug: 28154455
Bug: 28694324
Change-Id: I8106bfba28da401b9fd38349c6a9fa9a24f54712
fec0d188c166e5a2c517f4494e83c1db11b31c68 13-May-2016 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Don't show new-window item in Downloads per Gabe." into nyc-dev
f570c771f23792837fb63f708bfa5c948d5fcad7 11-May-2016 Steve McKay <smckay@google.com> Don't show new-window item in Downloads per Gabe.

Also, fix regression...don't show "internal storage" option in Downloads.
All other modes, fix inconsistencies in presentation of
internal-storage/new-windows commands by eliminating launch mode inference.
Update VolumeInfo and MTP provider to send correct launch mode extra.

Bug: 28691735,28695347
Change-Id: Ic480925f4c8f1beee4da104a2259c1ce5f28a6a1
a1eb750e75ff7c7ef7698deed4442449c33334c8 10-May-2016 Paul Crowley <paulcrowley@google.com> Revert "Two phases to set the password for disk encryption"

This reverts commit 17e5dce5112fece2d2b9cd070c2f96bf65108e40.

Bug: 28694324
Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7
17e5dce5112fece2d2b9cd070c2f96bf65108e40 22-Apr-2016 Paul Crowley <paulcrowley@google.com> Two phases to set the password for disk encryption

In one phase, we make the new password work, and in the second we make
it the only one which works ("fixation"). This means that we can set
the password in Gatekeeper between these two phases, and a crash
doesn't break things. Unlocking a user automatically fixates the
presented credential.

Bug: 28154455
Change-Id: I18812f9ce753486ce4e33b4fe2cca392b006b39c
ce18c8167766f92856f94a8e88e19de4698960e6 28-Apr-2016 Jeff Sharkey <jsharkey@android.com> Introduce "unlocking" vs "unlocked" nuance.

There is a narrow window of time during user unlock where we're
reconciling user storage and dispatching the "unlock" status to
various internal system services. While in this "unlocking" state,
apps need to be told that the user still isn't actually "unlocked"
so they don't try making calls to AccountManager, etc.

The majority of internal services are interested in merging together
both the "unlocking" and "unlocked" state, so update them.

Clarify naming in AccountManagerService to make it clear that a local
list is being used, which mirrors the naming in MountService.

To match UX/PM requested behavior, move PRE_BOOT_COMPLETED dispatch
after the user is unlocked, but block BOOT_COMPLETED dispatch until
after all PRE_BOOT receivers are finished to avoid ANRs.

Bug: 28040947, 28164677
Change-Id: I57af2351633d9159f4483f19657ce0b62118d1ce
fcf1e55821b694df3b8434f40aa3b6d3c3e7ea50 15-Apr-2016 Jeff Sharkey <jsharkey@android.com> Consistent creation/destruction of user data.

Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.

When preparing user directories on a storage device, always enforce
the serial number and destroy data if we run into a mismatch. When
deleting a user, write the updated user list first before we start
destroying data. Also start reconciling users on internal storage
at boot, so we can recover from stale data left behind from partially
destroyed users.

Check both CE and DE user directories when reconciling user storage
on a newly mounted storage device.

Bug: 27896918
Change-Id: I4536c82b0196e2720628c4f73fccb742c233350b
cadfc77d0355ef57308ef1bf8bf43560d2b2e245 13-Apr-2016 Jeff Sharkey <jsharkey@google.com> Merge "Fix broken javadoc." into nyc-dev
f82c2f08541481cae814e88a2b35f6d59d8d42aa 12-Apr-2016 Jeff Sharkey <jsharkey@android.com> Fix broken javadoc.

Change-Id: I9f2050fd6040234bb1d759ab346f79fc41247aa9
c250e45eda7ab38c88b3e5e7e302917cd001d3af 12-Apr-2016 Felipe Leme <felipeal@google.com> Make getStorageVolume(File file) public.

BUG: 27951594
Change-Id: I354f6a29b3fa3374ea07bcbe14096e9673d282c5
8b704d4474caf9fa0c7a734582fb6cce55248de4 07-Apr-2016 Jeff Sharkey <jsharkey@google.com> Merge "Revert "Remove old FUSE bypass now that we have sdcardfs."" into nyc-dev
8575da1cc0e3c9449e21bae270b489b8e815fccb 07-Apr-2016 Jeff Sharkey <jsharkey@google.com> Revert "Remove old FUSE bypass now that we have sdcardfs."

This reverts commit feef8b62ee60c8418bd7238522c06098e61eecff.

Change-Id: I90a3b8edf95cb5b631a85168671cf8b5a406d9ea
33dd156ed0ed839c5e77beb116f6f1a9566416e3 07-Apr-2016 Jeff Sharkey <jsharkey@android.com> Give users and devices control over sdcardfs.

Instead of relying only on kernel support for sdcardfs, give each
device the ability to quickly toggle between sdcardfs and FUSE. Also
add the ability to users to explicitly enable/disable the behavior
for testing and debugging purposes.

Bug: 27991427
Change-Id: Ia57f12f6ead888ab85101004bdd8c8003537b116
feef8b62ee60c8418bd7238522c06098e61eecff 06-Apr-2016 Jeff Sharkey <jsharkey@android.com> Remove old FUSE bypass now that we have sdcardfs.

This forces everyone to go through sdcardfs, instead of letting them
around the back door.

Bug: 27992761
Change-Id: If1d4d5daa4b32bb3be7de10102bab24d63552b65
2ac876945bfb388fed8b796c6d8c8e7f2e97f0d4 30-Mar-2016 Felipe Leme <felipeal@google.com> Minor tweaks on Scoped Directory Access:

- Only allow entire directory access on non-primary volumes.
- Do not display primary storage label on scoped access.

BUG: 27743842
BUG: 27676858
Change-Id: I9884fb1e2df3534fceebc5d5bef44adfb758724c
c02bfae73e139f2a1c56cc6b051bfc7877b8cf1d 27-Mar-2016 Jeff Sharkey <jsharkey@android.com> Include "invisible" volumes in new storage API.

The purpose of the new StorageVolume API is to grant access to
volumes that aren't typically "visible" to a developer, so include
them in the returned results.

Also return the real mounted state instead of augmenting based on
the caller's storage permissions. Clean up API naming slightly and
return as List.

Bug: 27615770
Change-Id: Ida921a4b91e5af81e418e76f672d9108f45a9781
541af9b119b7312aaa4545a9c103e7ed1365345b 24-Mar-2016 Felipe Leme <felipeal@google.com> Removed obsolete @NonNull.

BUG: 27676858
Change-Id: Ic3916769c1fa9d557294bcdbbc94e00c68376a5d
9eb5555aa6788ec948e7af8666a9155792b684f8 23-Mar-2016 Felipe Leme <felipeal@google.com> Merge "Allow Scoped Directory Access on whole volume." into nyc-dev
1719b3555dc9bff5394045585051e7d5684bceb1 21-Mar-2016 Aga Wronska <agawronska@google.com> Add config flag to show/hide internal storage.
Hide internal storage by default.

Revert "Always show intern storage."

This reverts commit 7c4395804e450533afb553ab992c47f737da8a9b.

Bug: 27683276

Change-Id: I04ea8b9a307babcea003f9bec200d41265a42c7f
db892b84e513f174d29f67d293435407a0ac7c6c 18-Mar-2016 Felipe Leme <felipeal@google.com> Allow Scoped Directory Access on whole volume.

There are some scenarios where an app needs access to the whole SD Card,
not subdirectories. For example, user might have a SDCard with
directories like vacation_pictures (instead of Pictures/vacation);
another example is a file management app.

BUG: 27676858
Change-Id: I20ef713de7e4dfa7e2d7d07bab11898af186d673
cf3f0a11a83e7a798e0586a78efdafc82a7f3d08 18-Mar-2016 Jeff Sharkey <jsharkey@android.com> Update direct boot related documentation.

Also hide a few APIs as requested by council. Add a method to
easily determine if a given File would already be encrypted at rest
by the OS.

Bug: 27531029
Change-Id: Icad5f1cd56411ad3ac707db85fd7449acdcc4b94
20be5d62471d520eed3a52d90c11944464a71c07 26-Feb-2016 Paul Lawrence <paullawrence@google.com> Add API to IMountService to get encryption state

Bug: 18002358
Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1
7c4395804e450533afb553ab992c47f737da8a9b 02-Mar-2016 Steve McKay <smckay@google.com> Always show intern storage.

Only show debug root when devel mode is enabled.
Remove all traces of "advanced".

Bug: 27297398

Change-Id: Ie7e8be282531bd245351d56ababa8ca625c10fd2
50d1c044b5ce4b6fef532dc6e083cef903f554b2 01-Mar-2016 Jeff Sharkey <jsharkey@android.com> Parcelable classes should always be final.

Also hide ConnectivityMetricsEvent which isn't being used yet.

Bug: 27415331
Change-Id: Iacdccddda504f3f669185f807b4f35b8dc2b0212
f8880561e67e1da246970b49b14285efd4164ab1 26-Feb-2016 Jeff Sharkey <jsharkey@android.com> When system server goes down, crash apps more.

Similar to first patch, but now using new "rethrowFromSystemServer()"
method which internally translates DeadObjectException into
DeadSystemException. New logic over in Log.printlns() now
suppresses the DeadSystemException stack traces, since they're
misleading and just added pressure to the precious log buffer space.

Add some extra RuntimeInit checks to suppress logging-about-logging
when the system server is dead.

Bug: 27364859
Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
53fcc756d06ed382e7b02b266631f7848d1b9c4f 17-Feb-2016 Felipe Leme <felipeal@google.com> Fixed typo on Storage Access Framework.

BUG: 26742218
Change-Id: I9b695ebe2176f186fc63b20f624e40dd9e257bc3
34a9d5271915fb82c22811e6d17691a34b6c52c1 17-Feb-2016 Felipe Leme <felipeal@google.com> Removed Intent.OPEN_EXTERNAL_DIRECTORY.

Such intent is now encapsulated by StorageVolume.createAccessIntent().

BUG: 26742218

Change-Id: I2e2bd71126ecd74981f77b0af7d069f51aaece74
04a5d40cf35fb2c2fca2c1bfd573e5916d804ef6 09-Feb-2016 Felipe Leme <felipeal@google.com> Initial implementation of StorageManager.getVolumesList().

This change makes StorageManager.getVolumesList(),
StorageManager.getPrimaryVolume(), and StorageVolume public and adds a
buildAccessIntent() in the latter to automatically generate the
ACTION_OPEN_EXTERNAL_DIRECTORY intent, but it doesn't change the
ACTION_OPEN_EXTERNAL_DIRECTORY implementation yet (i.e., it still takes a URI
with the physical path of the directory, instead of a StorageVolume and
a directory name).

BUG: 26742218

Change-Id: I36c59c42b6579e125ec7f03c3af141260875a491
faeb3eb0ba190e6d6cfe2b82ce20af587848de57 08-Feb-2016 Paul Crowley <paulcrowley@google.com> Password security for FBE disk encryption keys

Add the means to protect FBE keys with a combination of an auth token
from Gatekeeper, and a hash of the password. Both of these must be
passed to unlock_user_key. Keys are created unprotected, and
change_user_key changes the way they are protected.

Bug: 22950892
Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30
47f7108c1270a9e81d9560b6b0570c659bb93a71 02-Feb-2016 Jeff Sharkey <jsharkey@android.com> Prepare user storage just before using it.

Wire up preparing of user-specific app storage to existing user
lifecycle hooks. This way we're sure the storage is ready to roll
just before we start reconciling app data directories.

This also has the nice property that we only prepare storage when
we know that keys are unlocked.

Bug: 25796509
Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1
efa1761776160376278fa467ea31d8e3f621a286 30-Jan-2016 Steve McKay <smckay@google.com> Decouple SD card from ADVANCED storage toggle.

A variety of related fixes:
- don't force size enable when browsing from device mounted notifications.
- don't show settings menu item as action (put in overflow).
- add sd card icon (not quite yet used, need to suss that out).

Change-Id: I36f153c42217f8092f157ded2a756c02525593ab
cd65448ccd13c4c2d0fe9e9623fec3a898ab9372 09-Jan-2016 Jeff Sharkey <jsharkey@android.com> Even more PackageManager caller triage.

Finish moving all UID/GID callers to single AIDL method that requires
callers to provide flags.

Triage AppWidgets and PrintServices, which currently can only live on
internal storage; we should revisit that later.

Fix two bugs where we'd drop pending install sessions and persisted
Uri grants for apps installed on external storage.

Bug: 26471205
Change-Id: I66fdfc737fda0042050d81ff8839de55c2b4effd
c5967e9862489024c932b0c7fcb84ed0af2a7fd7 08-Jan-2016 Jeff Sharkey <jsharkey@android.com> More progress on triaging PackageManager callers.

Catch a bunch of simple cases where the PackageManager flags are
obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on
PackageInfo and ApplicationInfo queries.

Re-examine recent tasks after a user is unlocked, since some of the
activities may now be available and runnable.

Bug: 26471205, 26253870
Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
c4dd021322d38ea32ac49930e904b6d08ce6490c 18-Nov-2015 Lenka Trochtova <ltrochtova@google.com> Introduce ephemeral users.

BUG: 24883058

Change-Id: I2e1d6aa184142c2a3dc0415c0cd407573453cf41
ce14cd01411c384b3b979a9f662bf3cd5f9e7183 07-Dec-2015 Jeff Sharkey <jsharkey@android.com> Mount storage after unlock, fix leaving emulation.

Delay mounting of storage devices until after the user is unlocked,
which means any emulated storage areas will be ready for use. Track
separate per-user unlocked states for local versus system lifecycle

Switch to explicitly lock or unlock user keys during boot of a
device without native FBE support. This allows us to recover when
the user has disabled emulated FBE.

Force reboot when changing FBE emulation state.

Bug: 26010607, 26027473
Change-Id: Idaf8b63e69f886ddbd848a9fab6d143a5fd10500
ba51235ef5c598d845b77fcf14491329493da34f 13-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add new "am unlock-user" command so we can trigger changes from the
command line.

Move FBE check to static method so it can safely be called early
during boot before the mount service is ready. Move FBE emulation
to persisted system property, and start reading/writing that value.

Change default permission grants to ignore current encryption-aware
flags, since many of the target apps aren't crypto aware.

Always prepare package data directories, which is how we create the
new "user_de" paths during boot.

Bug: 22358539
Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621
84cebbeb69e5b473f0cb4d1575bdc57aac48e32e 25-Sep-2015 Ben Kwa <kenobi@google.com> Open the destination dir when a copy notification is tapped.

- Cleanup: rename the "open copy destination" action to "pick copy
destination", which better reflects what it does.
- Move DocumentsIntent from BaseActivity to Shared.
- Rename ACTION_BROWSE_DOCUMENT_ROOT to ACTION_BROWSE for general browsing.
- Use the new ACTION_BROWSE to open the copy destination when copy
notifications are tapped.


Change-Id: I10480b45a16ce716febac5453cb5015d26bb0062
9e8d9e250b4e3fe8e57072072ed84b5dea0a19d3 13-Nov-2015 Daichi Hirono <hirono@google.com> Add a method definition to StorageManager for appfuse.


Change-Id: Id4d4a000daf89fab4917528fcd0d1270547fbfa4
f9fc6d6cc05595241bc7ced6d4cab97b45f9b901 09-Nov-2015 Jeff Sharkey <jsharkey@android.com> More file-based encryption work.

Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.

Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.

Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.

Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
6bcc32504f3b9c40b33718599a6ff8186a9669f4 05-Nov-2015 Paul Lawrence <paullawrence@google.com> Fix build

Change-Id: I0ebff8e41c2aa5bec2466d075d9143a5a525e02d
9548b380d98cf5fe2e3b0102e283e5e3b39a8968 05-Nov-2015 Paul Lawrence <paullawrence@google.com> Merge "Add developer option to convert from FDE to FBE"
3806d9c562c4391dd523a18145a76c8e359061c3 29-Oct-2015 Paul Lawrence <paullawrence@google.com> Add developer option to convert from FDE to FBE

This set of changes adds the screen that offers this conversion,
and the plumbing so the option is only available on suitable

It does not implement the conversion mechanism. Add conversion from FDE to FBE

Change-Id: Idf7bc834f30b3d1b0473e0a53c985ef01dd0ad18
965da39942f9a8736f785f7c57a6c351a8c89d6b 28-Oct-2015 Clara Bayarri <clarabayarri@google.com> Create a File Based Encryption check API

Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31
83df8c072ddd01a5adc11da0869103c4645e6d76 17-Sep-2015 Steve McKay <smckay@google.com> Merge BROWSE and BROWSE_ALL actions.

Open Files app when exploring from settings.
Force visibility of file size in this mode.
Don't hide empty media providers.

Bug: 24136618, 24140864
Change-Id: I6f238586725f9b6255812e3082bb8d8655219a7d
36d4aaeb6edddc995620c491e8a2d61a0a700c59 20-Aug-2015 Jeff Sharkey <jsharkey@google.com> am 39c49625: am e6983e87: am cd6ba412: am bbb5717d: am f3ad1eab: Merge "Pass underlying volume UUID to StorageVolume." into mnc-dev

* commit '39c4962580a52d5ca07f3576009564dddc8f4624':
Pass underlying volume UUID to StorageVolume.
bbb5717dee12ec37e0fcc6c186e1f80b9890e987 20-Aug-2015 Jeff Sharkey <jsharkey@google.com> am f3ad1eab: Merge "Pass underlying volume UUID to StorageVolume." into mnc-dev

* commit 'f3ad1eabc1fa5252165bfe1516690d1026507f0a':
Pass underlying volume UUID to StorageVolume.
8e2ea2a9f15217bd5e44665650251f83f3f70313 19-Aug-2015 Jeff Sharkey <jsharkey@android.com> Pass underlying volume UUID to StorageVolume.

To help MediaProvider uniquely identify storage devices, pass through
the UUID of the underlying private storage volume.

Bug: 23329611
Change-Id: I22ee7ea98fcb208d7797310acb3396a3f074f09b
4b76c496c6a47bc451ccbc024b94b271c5c69313 29-Jul-2015 Jeff Sharkey <jsharkey@google.com> am 7412dfe9: am 3f6c3849: am 170235a3: am acfaa947: am b8040265: Merge "Give secondary users read-only physical cards." into mnc-dev

* commit '7412dfe98daaf76377fc5d08e8b9bf994455b2a3':
Give secondary users read-only physical cards.
acfaa947f45ce1ea8140c2dc52d5f750dbc0a94d 29-Jul-2015 Jeff Sharkey <jsharkey@google.com> am b8040265: Merge "Give secondary users read-only physical cards." into mnc-dev

* commit 'b8040265dd0d5a2a96e0850623647dad2f528db1':
Give secondary users read-only physical cards.
4634987668eb7e1fa1434bddbde969ef43de6b40 28-Jul-2015 Jeff Sharkey <jsharkey@android.com> Give secondary users read-only physical cards.

Long ago, we mounted secondary physical cards as readable by all
users on the device, which enabled the use-case of loading media on
a card and viewing it from all users.

More recently, we started giving write access to these secondary
physical cards, but this created a one-directional channel for
communication across user boundaries; something that CDD disallows.

This change is designed to give us the best of both worlds: the
package-specific directories are writable for the user that mounted
the card, but access to those "Android" directories is blocked for
all other users. Other users remain able to read content elsewhere
on the card.

Bug: 22787184
Change-Id: Ied8c98995fec1b7b50ff7d930550feabb4398582
3e9079c9783bb6cf4edcdfd3c4f52a347969af10 16-Jul-2015 Svetoslav <svetoslavganov@google.com> am f25f3bd8: am 3c5fe9de: am 1f1f0cee: am eb16e1fb: am 08dda27b: Merge "Make sure we get valid package name or fail." into mnc-dev

* commit 'f25f3bd8718df8845c83f96e4f87d6dd3b974d0c':
Make sure we get valid package name or fail.
eb16e1fb2225f2cf84f5c56242a187fba59e39f8 16-Jul-2015 Svetoslav <svetoslavganov@google.com> am 08dda27b: Merge "Make sure we get valid package name or fail." into mnc-dev

* commit '08dda27be4678f2ab5bdc7e210d511ec105c158c':
Make sure we get valid package name or fail.
7395cbf07048abdad24b056f30a46f5b67920cd8 16-Jul-2015 Svetoslav <svetoslavganov@google.com> Make sure we get valid package name or fail.


Change-Id: I7b7dce9a8e398c4615bcb700de80241e94c4320c
dc3e83eae3a7958143ac5e987d7092f384eb0777 15-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 026d6f97: am de404257: am 556136c8: am c7a60749: am d3719ab0: Merge "Better handling of storage paths." into mnc-dev

* commit '026d6f97d120f7f557a50effd82e6b3b6f032870':
Better handling of storage paths.
c7a607496aa5ba368524dd334877a9c428ab5f78 14-Jul-2015 Jeff Sharkey <jsharkey@android.com> am d3719ab0: Merge "Better handling of storage paths." into mnc-dev

* commit 'd3719ab07a0ba66c019979ce19c45b77c4aae92e':
Better handling of storage paths.
983294596e65a0226aa69e42bda9db322727fee5 13-Jul-2015 Jeff Sharkey <jsharkey@android.com> Better handling of storage paths.

Give more details about why we failed to create storage paths, and
search for underlying volumes using canonical paths.

Bug: 22135060
Change-Id: I75d3584403ece310438b05f5b9fe72d94c9096c6
1cdd6e83fb89bab4b4e7113343a47b579e99b8bf 14-Jul-2015 Marco Nelissen <marcone@google.com> am b2fef7a8: am f12612c8: am 48c78cfb: am c56668eb: am 3ced9617: Merge "Use original path if translated path doesn\'t exist" into mnc-dev

* commit 'b2fef7a81f39c38eff79897e7af02fff20b829cb':
Use original path if translated path doesn't exist
fbb4a38c7cc8ddb313c588f8d29bfcda5c0609c2 14-Jul-2015 Ian Pedowitz <ijpedowitz@google.com> resolved conflicts for merge of 30efac5a to master

Change-Id: I0dad4cf10ed01cbf49e33f0c2ed1d6f8a1c893e0
c56668eb223fe45ff5c1e399d99943838320c407 14-Jul-2015 Marco Nelissen <marcone@google.com> am 3ced9617: Merge "Use original path if translated path doesn\'t exist" into mnc-dev

* commit '3ced96178b1b132705e773736cbb707a3a0cd951':
Use original path if translated path doesn't exist
aa4110366813f29f6a71dbdee090ba823feb2efe 14-Jul-2015 Marco Nelissen <marcone@google.com> Use original path if translated path doesn't exist

Bug: 22376538
Change-Id: I2f6af4fa31c097e2e2d619a068cf83721091c450
d2c9d0d92c0d9c44d34b4f014fb3a434377d8518 14-Jul-2015 Paul Crowley <paulcrowley@google.com> Revert "am 8ae629f6: am 63690fa5: am 140ff7a5: am bac3d093: Merge "Delete the user key when deleting a user." into mnc-dr-dev"

This reverts commit c5da3fe1de36c231b8b1ac2aa07c2bf880af7b91, reversing
changes made to d884b41331fa486d5e4b02df725e37a497b08cc9.
c5da3fe1de36c231b8b1ac2aa07c2bf880af7b91 14-Jul-2015 Paul Crowley <paulcrowley@google.com> am 8ae629f6: am 63690fa5: am 140ff7a5: am bac3d093: Merge "Delete the user key when deleting a user." into mnc-dr-dev

* commit '8ae629f6cbda2ad55a1b6f3f508a04dc348ed796':
Delete the user key when deleting a user.
d7be214ca469c593d8a59cf7404020f4ad1aaed9 14-Jul-2015 Ian Pedowitz <ijpedowitz@google.com> resolved conflicts for merge of 8cee6587 to mnc-dr-dev

Change-Id: I0b2ed52214bb097d7fd69434afd0c6c890b5afb3
6ee871e59812fea4525c50231f677c4bd10c74b8 10-Jul-2015 Svet Ganov <svetoslavganov@google.com> Teach storage appops.

For modern apps targeting M SDK and up the external storage state
is determined by granted permissions. For apps targeting older SDK
the storage access is determined by app ops corresponding to the
storage permissions as the latter are always granted.

When app ops change we do not remount as we kill the app process
in both cases enabling and disabling an app op since legacy code
is not prepared for dynamic behavior where an operation that failed
may next succeed. Hence, we remount when we start the app.

For modern apps we don't kill the app process on a permission
grant, therefore we synchronously remount the app storage.


Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a
bac3d0936dfdb4d594873fd8690e8017e748ed96 13-Jul-2015 Paul Crowley <paulcrowley@google.com> Merge "Delete the user key when deleting a user." into mnc-dr-dev
9e0e69915a2e45dd5ba158e0436571551a672636 13-Jul-2015 Paul Crowley <paulcrowley@google.com> Merge "Use mount service to create user dirs." into mnc-dr-dev
7ec733fad39ff9e439a67c9cf51b88bc84cdfda0 19-May-2015 Paul Crowley <paulcrowley@google.com> Delete the user key when deleting a user.

Bug: 19706593

(cherry-picked from commit 85e4e818d83dbc65b1e6e3ed9d39c656188acaec)

Change-Id: Icc6d53a99558317b2ec154f931e481ad9fe64aa3
bcf48ed2262d655ebf59153dea645ca761b73db5 22-Apr-2015 Paul Crowley <paulcrowley@google.com> Use mount service to create user dirs.

Bug: 19704432

(cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202)

Change-Id: I64a2c85beef115158feed3953deae32f692e750f
333b5b7d345c4717a972a7f8ad37c49899b8d2a5 09-Jul-2015 Jeff Sharkey <jsharkey@android.com> am b64813bd: am 093be69c: am f3d73162: am 46552cff: am 9d587a97: Merge changes I9971c466,Ib42474fd into mnc-dev

* commit 'b64813bdf08502ded55f7222ea426c7c948cc4e9':
Kill MediaProvider during drastic changes.
Use best volume description for MTP.
28e38bbf4428ed49cba391d2815d2f19b1988983 09-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 608114f9: am e232afca: am 95661575: am 612aac4e: am c66b90fe: Merge "Generate stable MTP storage IDs." into mnc-dev

* commit '608114f9668be847715a7e8015bda19e4343b535':
Generate stable MTP storage IDs.
a83bf1966e3e51fb052db86daf359d5b1cc110f5 08-Jul-2015 Jeff Sharkey <jsharkey@android.com> Use best volume description for MTP.

Otherwise we end up showing adopted storage devices as "Unknown."

Bug: 20275423
Change-Id: Ib42474fd5b3284b1e8eca7de8a4cfbb71a34a107
a4da90dbabca0dc54424dec09f4da98a0903a81a 08-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 28339797: am 6e77499a: am fb10a760: am 79204a32: am 15369c6c: Merge "Fix volume naming when surfaced over MTP." into mnc-dev

* commit '28339797043834e5f1cd196363ef3cfdd66607ad':
Fix volume naming when surfaced over MTP.
5af1835d678031d4a6615edc96ba58c82304b31d 08-Jul-2015 Jeff Sharkey <jsharkey@android.com> Generate stable MTP storage IDs.

It ends up that MediaProvider is persisting MTP storage IDs in its
database, so we need to make sure we generate stable IDs over time,
otherwise we can end up looking into a black hole.

Bug: 22256092
Change-Id: I6a75c239aac1b71fd5f6df0df69b24971079a086
7a788a865e72da4205b5cf4e0a6f08ccb6f4bdbd 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Fix volume naming when surfaced over MTP.

Otherwise we show everything as "Unknown."

Bug: 22256092
Change-Id: I19fe8a25aff02db8ca9aff288e6715d469f65327
3aeb218d0ddec11455fe0347a9c7056da24f2f9e 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> am 6480393a: am c2e16e9b: am 63ba1d9e: am d58ddd82: am 246d6984: Merge "Handle missing migration source volume." into mnc-dev

* commit '6480393a0dc4d96de6f58cf0a1420e82bc8203a0':
Handle missing migration source volume.
3bb8c854189591fcee16d2a6854fae862b02d1e8 07-Jul-2015 Jeff Sharkey <jsharkey@android.com> Merge commit '1db64c19' into merge3

Change-Id: I0aea6817876a5820a7d67a4de5bef0f86ce702a2
ef10ee014594d800f5f5ca31ea93f1cab2880d05 05-Jul-2015 Jeff Sharkey <jsharkey@android.com> Handle missing migration source volume.

Users can try migrating primary storage while the current location
is missing/unmounted. Fail gracefully instead of runtime restarting.

Bug: 21927076
Change-Id: I40645f8ccea05154e7cbacd188f6cba5f4dbbdc4
6dce4964b4d1a13d276d95730b8fb09d6a5a8d04 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> Reconcile private volumes when mounted.

Many things can happen while a private volume is ejected, so we need
to reconcile newly mounted volumes against known state.

First, user IDs can be recycled, so we store the serial number in the
extended attributes of the /data/user/[id] directory inode. Since a
serial number is always unique, we can quickly determine if a user
directory "10" really belongs to the current user "10". When we
detect a mismatched serial number, we destroy all data belonging to
that user. Gracefully handles upgrade case and assumes current serial
number is valid when none is defined.

Second, we destroy apps that we find no record of, either due to
uninstallation while the volume was unmounted, or reinstallation on
another volume.

When mounting a volume, ensure that data directories exist for all
current users. Similarly, create data directories on all mounted
volumes when creating a user. When forgetting a volume, gracefully
uninstall any apps that had been installed on that volume.

Bug: 20674082, 20275572
Change-Id: I4e3448837f7c03daf00d71681ebdc96e3d8b9cc9
6c1721509aab98dcfae281463e1cbe69b90cf480 04-Jul-2015 Jeff Sharkey <jsharkey@android.com> am b959b1aa: am c6913187: am a5ed2c4d: Merge "Better handling of trim/benchmark results." into mnc-dev

* commit 'b959b1aaea9fa64e3eb6cee7ce8e64d8a10657a3':
Better handling of trim/benchmark results.
e8a4b66960056c2dc2c8dbb5f8df00710645cc64 28-Jun-2015 Jeff Sharkey <jsharkey@android.com> Better handling of trim/benchmark results.

Request benchmarking of devices once per week during normal fstrim
maintenance window. Tunable parameter gives us the ability to change
frequency through global setting.

Track individual benchmark and trim results for each volume, and
use scrubbed volume identifier (based on adoption age) when logging
stats to drop box. Track last benchmark and trim time for each
volume separately.

Bug: 21831325
Change-Id: I53b3ed788f7820c2e5bceb2840339f5b4aada3f0
aedb56fd18487d7a34b8ea9f09e4a717afa75a1e 26-Jun-2015 Jeff Sharkey <jsharkey@android.com> Merge commit 'b02c73d5' into manualmerge

Change-Id: I3ec37c9d45d685c2393087bdefa6ab512cc70062
9527b223a9d4a4d149bb005afc77148dbeeff785 25-Jun-2015 Jeff Sharkey <jsharkey@android.com> Let's reinvent storage, yet again!

Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app. This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.

The only thing left that can change dynamically is the filesystem
itself, so let's do that. This means changing the FUSE daemon to
present itself as three different views:

/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access

There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.

During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions. When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.

Bug: 21858077
Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2
0e5e4eea5e1bffbca34f2c928ed619d2f63019e1 22-Jun-2015 Jeff Sharkey <jsharkey@android.com> am 4edfd64b: am 421daf85: am c629271d: Merge "Forget private partition keys." into mnc-dev

* commit '4edfd64bc1c69be3107fe924772331c1a974e28c':
Forget private partition keys.
5cc0df214bbe2b169150c9060dc5288bb8aaf338 18-Jun-2015 Jeff Sharkey <jsharkey@android.com> Forget private partition keys.

When we forget a private partition, ask vold to also forget the key
for that partition GUID. This means we need to track both the
filesystem UUID and the partition GUID for a private volume.

Bug: 21782268
Change-Id: Icda1cbb65539d61dacc663428daf3d1a2e4c313e
a84fc38bdfa953454c159c0d8e08de51af054d5b 13-Jun-2015 Makoto Onuki <omakoto@google.com> am 92177ad7: am b3be7c26: am 80b34d7b: Merge "Add StorageEventListener.onDiskDestroyed()" into mnc-dev

* commit '92177ad765b86f77e86a29e9d013883af9fec134':
Add StorageEventListener.onDiskDestroyed()
80b34d7b9da0e0738a4a1db78d83cd804372594b 13-Jun-2015 Makoto Onuki <omakoto@google.com> Merge "Add StorageEventListener.onDiskDestroyed()" into mnc-dev
76e0067158d1f866624ae5c0cc14bf4e9ecf6cda 13-Jun-2015 Jeff Sharkey <jsharkey@android.com> am ed547496: am e4872995: am 1d04e6a6: Merge "More useful extras in disk/volume broadcasts." into mnc-dev

* commit 'ed547496691b65ae45252aee9471fb36b39bacc3':
More useful extras in disk/volume broadcasts.
c7acac6798e12780194af33d5a9fdf382ab17155 13-Jun-2015 Jeff Sharkey <jsharkey@android.com> More useful extras in disk/volume broadcasts.

Change-Id: I594166cff332aaf72b2b6357ac6ed3e6e42cbc49
9dc575d63c5f0d7511308bd2cd3d5dbd20c15e17 13-Jun-2015 Makoto Onuki <omakoto@google.com> Add StorageEventListener.onDiskDestroyed()

Bug 21336042

Change-Id: I226cf205191dd302ff8d5156f9ae0fe8fc5b2c2b
4d98bd0e3a9f52b6faed03a246a2dbe4fce56eac 11-Jun-2015 Jeff Sharkey <jsharkey@android.com> am 03d3aefd: am a6f89a07: am c8488e99: Merge "Ignore some more generic USB device names." into mnc-dev

* commit '03d3aefd3e0cc1b1cd1f43792ab9c3fc3bc9614c':
Ignore some more generic USB device names.
47b872d9c36347382dd24ad5c3f70490d8fcbb23 11-Jun-2015 Jeff Sharkey <jsharkey@android.com> Ignore some more generic USB device names.

Bug: 21376386
Change-Id: I8c1b1cf9d881ad2795e9b15740ff511260572f1b
9c9661f1b77c450149dcc66c5d9ac8bd36c0367c 11-Jun-2015 Jeff Sharkey <jsharkey@android.com> am 51b055d3: am e1844c83: am 5fc24733: New strings!

* commit '51b055d330279f5d0a38ad1c33540189e71356e8':
New strings!
5fc247338dfc1a817f708163201cdf395cff3303 10-Jun-2015 Jeff Sharkey <jsharkey@android.com> New strings!

Bug: 21737573, 21666225, 21756698, 21737666, 21471429
Change-Id: If1c5882d48f798d311f6d2b86277d3c13f06824e
326a0acde1fd2e790b9a854d1ac4610b16224a17 04-Jun-2015 Paul Crowley <paulcrowley@google.com> Merge "Delete the user key when deleting a user."
8692b7e5a12d79d14a6717bb3650a3f8a032d997 03-Jun-2015 Paul Crowley <paulcrowley@google.com> Merge "Use mount service to create user dirs."
3452d2d0dbffc74a87751b39da9fa40d88d5c91f 26-May-2015 Paul Lawrence <paullawrence@google.com> Merge "Honor password visible setting in CryptKeeper" into mnc-dev
85e4e818d83dbc65b1e6e3ed9d39c656188acaec 19-May-2015 Paul Crowley <paulcrowley@google.com> Delete the user key when deleting a user.


Change-Id: I36ec1b987f5a07450c6a564c74f124ec8d3403ad
9102f5d953fbde03e12f385b2225004edc43d202 22-Apr-2015 Paul Crowley <paulcrowley@google.com> Use mount service to create user dirs.

Bug: 19704432
Change-Id: Iee037ca653482b0ee7bf59c7ba193c75411fe42f
f5a6bd7538a6800c2a43ace5ad67d65b1f8f697a 19-May-2015 Jeff Sharkey <jsharkey@android.com> Push initial disk state, handle empty media.

Stash volume count from last scan, and use it to push initial storage
notifications state when listener is first attached.

Also omit disks with invalid size, which usually means they're an
empty slot with no media.

Bug: 20503551
Change-Id: I75097035aebaad70ba32437179a863f6a0910aa5
d8fdb338918e63bbab2e65bdb2f4d12320a1b24a 18-May-2015 Paul Lawrence <paullawrence@google.com> Honor password visible setting in CryptKeeper

Bug: 20184626

Change-Id: Ida0f34299947a5d4067406cc6e029fb841077804
4c099d0c49c8366efd3c26854465b3ceef49b627 15-May-2015 Jeff Sharkey <jsharkey@android.com> Command to change force adoptable state.

Since user builds can't setprop, add an explicit "sm" verb to change
the force adoptable state.

Bug: 21191915
Change-Id: I719d9b18c1a98c97442a5ddb1cc5512e8e4d3d3f
9756d75ec28844f5ca30fda786a117c1a0ee88da 15-May-2015 Jeff Sharkey <jsharkey@android.com> Initial pass at storage benchmarks.

Offer an interface for Settings to invoke benchmarks on various
attached volumes.

Bug: 21172095
Change-Id: I847ddc87c58285457d1324be87f70ce10507accb
0d838a0fad500a3c446df501d8aa7656c2c3a7a2 13-May-2015 Jeff Sharkey <jsharkey@android.com> Determine if we have adoptable disks.

Bug: 19993667
Change-Id: I9b21b05736c22d34ca22f5ad6e1a6ebec440cfb6
7d2af54a98358e9dea96f879ebd1ea915263522b 13-May-2015 Jeff Sharkey <jsharkey@android.com> New "sm" shell tool to call StorageManager.

Surface basic StorageManager commands through shell tool, like
simple listing of disks and volumes, and commands like mounting and

The output is designed to be parsed by host-side testing tools,
instead of relying on fragile dumpsys parsing.

Bug: 19993667
Change-Id: I993e92ecf57996678965945f0ae648b392a77ea2
c840681dbd42978745274e7c44d8c37a1f68a746 04-May-2015 Jeff Sharkey <jsharkey@android.com> Avoid NPE when fsUuid is null.

Bug: 20822962
Change-Id: I6340b70dba5a4f94a0f08ddfbda0190db97746f1
50a05454795c93ac483f5cb6819e74cb17be1b5b 29-Apr-2015 Jeff Sharkey <jsharkey@android.com> Returning to wizard, split move events.

Finish wiring up notifications to jump back into in-progress wizard
flow, using moveId as identifier.

Split move events back into separate creation and progress events,
and pass details as bundle to pass extra stuff like UUID. Null
package still means moving primary storage.

Add explicit "volume forgotten" event for PackageManager to clean
up internal state with.

Plumb through internal path reported by vold, and bring back FUSE
bypass rewriting optimization.

Bug: 19993667
Change-Id: I0f43edbba36c58c5cd33550022c54c4eb9f01a48
b42d694691e73d094df616fe78627ada7e1239ef 29-Apr-2015 Jeff Sharkey <jsharkey@android.com> Method to wipe all adoptable disks.

Will be used by various classes doing factory reset.

Bug: 9433509
Change-Id: I0701abe00abc2fb9085ce1ffe6e28fb27c91ab51
b36586a7c9b7718f33961406537e27bbd9b16211 27-Apr-2015 Jeff Sharkey <jsharkey@android.com> Split some VolumeInfo state into VolumeRecord.

VolumeRecord is a historical record of a volume that we've seen in
the past. It's now surfaced outside the framework for SystemUI to
drive the notifications that bug users to reinsert missing private

Show progress notifications for both storage and package movement
operations. Notify when an empty disk is inserted (no usable volumes)
which launches into the normal format flow.

Add API to forget volumes.

Bug: 20275424, 20275424
Change-Id: I75602c17fdcd4d1f1f62324e1a08c4a33093eefa
275e3e43f2fba72fa99001cafa2a70e5478fc545 25-Apr-2015 Jeff Sharkey <jsharkey@android.com> Migrate primary external storage.

Wire up through MountService to call down into vold. Watch for
unsolicited events that report progress, including special value "82"
that signals that copy has finished. We use this value to persist
the volumeUuid in case of unexpected reboot, since it indicates the
new volume is ready.

Wire progress updates through existing callback pipeline.

Update the volume mounting code to match against the persisted UUID
when selecting the primary external storage.

Bug: 19993667
Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d
620b32b316fd4f1bab4eef55ec8802d14a55e7dd 24-Apr-2015 Jeff Sharkey <jsharkey@android.com> Package and storage movement callbacks.

Since package and primary storage movement can take quite awhile,
we want to have SystemUI surface progress and allow the Settings
app to be torn down while the movement proceeds in the background.

Movement requests now return a unique ID that identifies an ongoing
operation, and interested parties can observe ongoing progress and
final status. Internally, progress and status are overloaded so
the values 0-100 are progress, and any values outside that range
are terminal status.

Add explicit constants for special-cased volume UUIDs, and change
the APIs to accept VolumeInfo to reduce confusion. Internally the
UUID value "null" means internal storage, and "primary_physical"
means the current primary physical volume. These values are used
for both package and primary storage movement destinations.

Persist the current primary storage location in MountService
metadata, since it can be moved over time.

Surface disk scanned events with separate volume count so we can
determine when it's partitioned successfully. Also send broadcast
to support TvSettings launching into adoption flow.

Bug: 19993667
Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10
74acbbb2cd367c6e78db7de5118ff9dd56da61d0 21-Apr-2015 Jeff Sharkey <jsharkey@android.com> Blend in force adoptable flag when set.

Bug: 19993667
Change-Id: Ic7f348d171a89e889281b7efb1aa0cbade048975
e6c04f9417cc4bff0f5f9e72f0d6d66d2aab6e80 19-Apr-2015 Jeff Sharkey <jsharkey@android.com> Broadcast hidden volumes, notification polish.

Send limited broadcast intent when certain volume state changes
occur; the only customer for now is ExternalStorageProvider.

Change notification flow to be less bumpy. Pick USB icon based on
disk type, and avoid using "generic" disk labels.

Bug: 19993667
Change-Id: I263bc9e9aae2ae57eb4d1afe76da686aee5475fb
27de30d31c3e79bc429cb71aed9681c55243f18d 19-Apr-2015 Jeff Sharkey <jsharkey@android.com> Wire up non-visible volumes, more states.

Adds logic to ExternalStorageProvider to scan non-visible volumes,
such as USB OTG devices. We use internal paths when surfacing these
volumes, which also optimizes around the FUSE daemon for public
devices. Also dumps internal state when requested.

VolumeInfo now directly contains DiskInfo, which means it's
snapshotted when sending events, avoiding teardown races. Switch
notifications to use this DiskInfo directly.

Finish wiring up new volume state, including helper methods to make
it readable/writable state clearer. Handle disks and volumes with
spaces in their labels.

Bug: 19993667
Change-Id: I5c75e5658a6415976811477aebafee7694bde0f4
7e92ef3a1146102806fa0543ef12e09231c55639 18-Apr-2015 Jeff Sharkey <jsharkey@android.com> Volumes know parent disks; unsupported disks.

This is cleaner and more direct than the reverse of having the disk
publish child volume membership. Rename state constants to match
public API. Add state representing bad removal. Make it clear that
volume flags are related to mounting.

Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.

Splice disk labels into description when known. Only adoptable
slots are directly visible to apps.

Bug: 19993667
Change-Id: I12fda95be0d82781f70c3d85c039749052dc936b
e2d45be4dae116307f8edd85eaa61134221cb8f9 16-Apr-2015 Jeff Sharkey <jsharkey@android.com> Candidate volumes for packages, fix symlink.

Add API to determine the possible candidate volumes that a package
can be moved to. For example, it currently knows that we need to
move ASEC-based apps through internal storage before migrating them
to a private volume.

Comparator for consistent VolumeInfo ordering when displayed in UI.

Fix native library symlink to be volume UUID aware.

Bug: 19993667
Change-Id: I68d5fac5f0f776ac1c7dd15e7a984bfe2704f3f7
d95d3bfb2b28a4f21f3fdcd740160c9a61eb0363 15-Apr-2015 Jeff Sharkey <jsharkey@android.com> Persist nickname and flags for volumes.

StorageManager now offers to persist a nickname and user flags for
active volumes. This metadata is kept around and spliced into
any future VolumeInfo when the same UUID is present. Current user
flags indicate "initialized" and "snoozed" states to control how
notifications are shown.

Notify listeners when metadata changes, and kick public notification
after a volume is initialized. Make unique PendingIntents when
multiple volumes are active.

Beginnings of plumbing to ask for missing volumes.

Offer explicit accessors for VolumeInfo and DiskInfo to give better
path to documentation and deprecation.

Bug: 19993667
Change-Id: I3d8b68be83f43ba992d21d51cad5b775776d681c
56bd3129138b525b0f2eba52bd4fa140f23e792c 14-Apr-2015 Jeff Sharkey <jsharkey@android.com> Checkpoint of storage notifications.

Rewrite of storage notifications to support multiple disks/volumes,
handling the state of each independently. Update strings to match
spec. Include actions to jump into wizard when adoptable, otherwise
browse or eject.

Move browse intent creation to common place on VolumeInfo. Also add
well-formed extra names. VolumeInfo now carries the parent disk ID
along with it to avoid races when unmounting.

Bug: 19993667
Change-Id: I236ddc7f8112490355f438b828bec8d40c331fdd
59d577a518333f4b4514315b6d10e8dba160abcd 12-Apr-2015 Jeff Sharkey <jsharkey@android.com> Browse mode for DocumentsUI, removed volume state.

The existing management mode is too specific, and requires that
storage backends add queryChildDocumentsForManage(), etc. Instead,
to offer more natural browsing support, add a new BROWSE_ROOT intent.

It behaves mostly like MANAGE_ROOT, except that it doesn't mutate
its Uris with setManageMode(), and it shortcuts straight to VIEW on
clicked documents.

It can be launched like this:

$ adb shell am start -a android.provider.action.BROWSE_ROOT
-d content://com.android.externalstorage.documents/root/8405-1DFB
-c android.intent.category.DEFAULT

Also rename a MetricsConstants to make it clearer, and don't
auto-mount all emulated volumes.

Fix bugs around parceling of DiskInfo/VolumeInfo. Method to resolve
the best description for a VolumeInfo, which might need to fall
back to DiskInfo.

Add back "removed" volume state so we send broadcast when a volume
is destroyed, matching the expected public API behavior.

Bug: 19993667
Change-Id: I13aff32c5e11dfc63da44aee9e93a27f4690a43f
b2b9ab8354da1485178cd8d8e9d89ac915b3f269 06-Apr-2015 Jeff Sharkey <jsharkey@android.com> Installing packages to expanded storage.

PackageManager now offers to load/unload packages when expanded
volumes are mounted/unmounted. Expanded storage volumes are still
treated as FLAG_EXTERNAL_STORAGE from a public API point-of-view,
but this change starts treating the INSTALL_EXTERNAL flag as
exclusively meaning ASEC containers.

Start tracking the UUID of the volume where a package is installed,
giving us a quick way to find relevant packages. When resolving an
install location, look across all expanded volumes and pick the one
with the largest free space. When upgrading an existing package,
continue preferring the existing volume. PackageInstaller now knows
how to stage on these volumes.

Add new movePackage() variant that accepts a target volume UUID
as destination, it will eventually move data too. Expose this
move command through "pm" command for testing.

Automount expanded volumes when they appear.

Bug: 19993667
Change-Id: I9ca2aa328b9977d34e8b3e153db4bea8b8d6f8e3
16c9c249d5f06014442aa5c78254b702f6a034c5 05-Apr-2015 Jeff Sharkey <jsharkey@android.com> Fix up ExternalStorageFormatter.

It's not going to be around for much longer, so just fix enough to
work correctly.

Also teach about new "unmountable" state from vold.

Bug: 19993667
Change-Id: Ib72c3e134092b2a895389dd5b056f4bb8043709a
7151a9a887051542c6da9f380376f3b306184e5c 05-Apr-2015 Jeff Sharkey <jsharkey@android.com> Storage methods using IDs, update listeners.

Add StorageManager methods that work with Disk and Volume IDs instead
of paths which can change over time. For example, a freshly formatted
volume has a different UUID and mount point, even though it's the same

Update StorageEventListener to be all one-way calls to avoid blocking
while dispatching events. Add new listener method for Volume-level
state changes. The existing state method will remain focused on the
per-user state reflected by StorageVolume. Switch listeners over to
using the more robust RemoteCallbackList pattern under the hood.

Change external ASEC scanning logic in PackageManagerService to be
driven by listener events, instead of explicit MountService calls.

Bug: 19993667
Change-Id: I57c505de260ff1762a78d70d15f1892f40229210
1b8ef7e3165ff9aa52a4905dafc8d0f83e7403f9 04-Apr-2015 Jeff Sharkey <jsharkey@android.com> Parcelable objects for Disk/Volume.

Will eventually be used by SystemUI and/or Settings.

Also fix SettingsProvider NPE.

Bug: 19993667, 19909433
Change-Id: Ie326849ac5f43ee35f728d9cc0e332b72292db70
4887789e44cdb16b042a35e8ec03983213e88ac6 18-Mar-2015 Jeff Sharkey <jsharkey@android.com> Progress towards dynamic storage support.

Storage devices are no longer hard-coded, and instead bubble up from
whatever Disk and VolumeBase that vold uncovered, turning into
sibling Java objects in MountService. We now treat vold events as
the source-of-truth for state, and synchronize our state by asking
vold to "reset" whenever we reconnect.

We've now moved to a model where all storage devices are mounted in
the root mount namespace (user boundaries protected with GIDs), so
we no longer need app-to-vold path translation. This also means that
zygote only needs to bind mount the user-specific /mnt/user/n/ path
onto /storage/self/ to make legacy paths like /sdcard work. This
greatly simplifies a lot of system code.

Many parts of the platform depend on a primary storage device always
being present, so we hack together a stub StorageVolume when vold
doesn't have a volume ready yet.

StorageVolume isn't really a volume anymore; it's the user-specific
view onto a volume, so MountService now filters and builds them
based on the calling user. StorageVolume is now immutable, making
it easier to reason about.

Environment now builds all of its paths dynamically based on active
volumes. Adds utility methods to turn int types and flags into
user-readable strings for debugging purposes.

Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.

Simplify unmount logic, since vold will now gladly trigger EJECTING
broadcast and kill stubborn processes.

Bug: 19993667
Change-Id: I9842280e61974c91bae15d764e386969aedcd338
56e629322f0739a04c8ff48915226ecf36a13b44 22-Mar-2015 Jeff Sharkey <jsharkey@android.com> Bring MountService into the SystemService world.

Change-Id: I7f7db49ff373b199f7b81f184a7c62bee682af67
7265abe77a76f848a316640b5da106e882bdbc8a 21-Nov-2014 Christopher Tate <ctate@google.com> Be increasingly aggressive about fstrim if it isn't being run

The current heuristics depend on devices being alive at midnight+ in
order to run periodic background fstrim operations. This unfortunately
means that people who routinely turn their devices off overnight wind
up with their devices *never* running fstrim, and this causes major
performance and disk-life problems.

We now backstop this very-friendly schedule with an increasingly
aggressive one. If the device goes a defined time without a background
fstrim, we then force the fstrim at the next reboot. Once the
device hits the midnight+ idle fstrim request time, then we already
aggressively attempt to fstrim at the first available moment
thereafter, even if it's days/weeks later without a reboot.

'Available' here means charging + device idle. If the device never
becomes idle then we can't do much without rendering an in-use device
inoperable for some number of minutes -- but we have no evidence of
devices ever failing to run fstrim due to this usage pattern.

A new Settings.Global element (type 'long', called
"fstrim_mandatory_interval") is the source of the backstop time. If
this element is zero or negative, no mandatory boot-time fstrim will
ever be performed. If the element is not supplied on a given device,
the default backstop is 3 days.

Adds a new string to display in the upgrading dialog when doing
the fstrim. Note it is too late for this to be localized, but since
this operation can take a long time it is probably better to have
it show *something* even if not localized, rather than just sit there.

Bug 18486922

Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c
f839b4fcb6b179529585765517895a8c90fe315b 26-Sep-2014 Elliott Hughes <enh@google.com> Set the system locale correctly even on an encrypted device.

Bug: 17659622
Change-Id: Ibbbd5b959bfab5345f20b556c4720d0910b50084
e2c88d39b2c5b33d55c42230db7899202625a96a 29-Aug-2014 Paul Lawrence <paullawrence@google.com> Add constants so we can distinguish decryption failures

Bug: 17213613
Change-Id: I6bc10a1ed0855f6946ea9eb2f8d2db00c1af327c
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178 21-Aug-2014 Jeff Sharkey <jsharkey@android.com> Installing splits into ASECs!

Sessions can now zero-copy data directly into pre-allocated ASEC
containers. Then at commit time, we compute the total size of the
final app, including any inherited APKs and unpacked libraries, and
resize the container in one step.

This supports both brand new ASEC installs and inheriting from
existing ASEC installs. To keep things simple, it currently requires
copying any inherited ASEC contents, but this could be optimized in
the future.

Expose new vold resize command, and allow read-write mounting of ASEC
containers. Move native library extraction into the installer flow,
since it needs to happen before ASEC is sealed. Move multiArch flag
into NativeLibraryHelper, instead of making everyone pass it
around. Migrate size calculation to shared location.

Separate "other" package name in public API, provide a path to a
storage device when relevant, and add more docs.

Bug: 16514385
Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456
742e790294b3441b79f715fe447069b63c6065db 17-Aug-2014 Jeff Sharkey <jsharkey@android.com> Progress towards staging ASECs.

Move location selection logic into shared PackageHelper location,
and share it between DCS and PackageInstaller. Fix bugs related to
installed footprint calculation; always count unpacked native libs.

Have PMS do its own threshold checking, since it's fine to stat
devices. PMS only ever deleted staging ASECs, so move that logic
into installer and nuke unclaimed staging ASECs. Allocate legacy
ASEC names using PackageInstaller to make sure they don't conflict
with sessions.

Start wiring up session to allocate ASEC and pass through staged
container for installation.

Fix bug to actually delete invalid cluster-style installs.

Bug: 16514385
Change-Id: I325e0c4422fc128398c921ba45fd73ecf05fc2a9
e8fdc541dc8c4388dc3c6d52aff70f290d7fb985 28-May-2014 Paul Lawrence <paullawrence@google.com> Hide crypto consts from docs

@bug 15192967

Change-Id: I134b2cb2d2841bc101e63a8a4dbd86f7b7bdca14
9502f990899ef576879048ec5147d403158ad89d 10-Apr-2014 Paul Lawrence <paullawrence@google.com> Merge "Allow encryption when keyguard is set to pattern or no protection"
46791e752ca1eca35e6a882c47d7de7f4f66687c 03-Apr-2014 Paul Lawrence <paullawrence@google.com> Allow encryption when keyguard is set to pattern or no protection

Add type parameter to encryptStorage so we can set type when we encrypt

Depends on

Circular dependency on:

Bug: 13749169
Change-Id: I52034ec25de35f12f1bbfdd1b0f8584923a0be2e
e51dcf98a4ddb1340cffba88059ad89f0b90909a 18-Mar-2014 Paul Lawrence <paullawrence@google.com> Save OwnerInfo so CryptKeeper can display at boot time

Requires vold change from

Bug: 13526708
Change-Id: I33153df9961832f72c3b8103bd5e1d3a17e77df3
945490c12e32b1c13b9097c00702558260b2011f 27-Mar-2014 Paul Lawrence <paullawrence@google.com> Don't double prompt on booting encrypted device

vold will store password securely until KeyGuard requests it
and hands it on to KeyStore.

This is a revision of


which was reverted. It had two bugs in LockSettingsService.checkVoldPassword.
1) We were not checking password for null, which caused an exception
2) checkPattern/checkPassword return true if there is no saved pattern or password.
This leads to situations where we get true returned even when the password
doesn't match. Call the correct one based on what is there, not what vold
thinks ought to be there.

Bug: 12990752
Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4
6ee7d25010d4f23b44a151f3953225ba253de8af 26-Mar-2014 Paul Lawrence <paullawrence@google.com> Revert "Don't prompt at boot if we already did that when decrypting"

This reverts commit 493e3e7e6523fd94cc1acae3e45935a1227d58c3.

Should fixes

Bug: 13611885
Bug: 13656830
Change-Id: I117c988bb6679f44f8add4fcc18f45cb8238dfb4
493e3e7e6523fd94cc1acae3e45935a1227d58c3 06-Feb-2014 Paul Lawrence <paullawrence@google.com> Don't prompt at boot if we already did that when decrypting

vold will store password securely until KeyGuard requests it
and hands it on to KeyStore.

Needs matching vold changes from

Bug: 12990752
Change-Id: I930ed8180cf0b8feb1e58db043d5fb6dff1bab20
0a18029075fbe5e5da396c66ef26cfa7e7f1a082 13-Feb-2014 Paul Lawrence <paullawrence@google.com> Clean up a few minor issues

Make public some constants, remove unused imports.

See https://googleplex-android-review.git.corp.google.com/#/c/412885/
for when these were introduced.

Change-Id: I90d0e33a411ebdd84c36e3d9afae70d2f2847538
8e39736f91a08961cf59c87075e61d9026833b50 28-Jan-2014 Paul Lawrence <paullawrence@google.com> Support default, pattern, pin and password encryption types

Java plumbing to expose methods to get/set encryption type in
IMountService, and hooking up of those methods to the Settings app
so the type is set correctly.

Needs matching vold changes from

Bug: 8769627
Change-Id: I70c0ed72d11f5ab6f0958a7f9c101b6822b13baa
17d5c1b18132e82abb1b828dcc39ca17cff35dd3 06-Dec-2013 Tom Marshall <tdm.code@gmail.com> Parse UUID string with Long.parseLong

Integer.parseInt throws an NPE for values greater than 0x7fffffff.
1f706c6cd1cb841adadc2babc57a34e5728983ec 17-Oct-2013 Jeff Sharkey <jsharkey@android.com> Include external storage devices in DocumentsUI.

Include volume UUID in generated document IDs to uniquely identify
volumes over time. Show volume label to users. Watch for mount
changes to update available roots.

Bug: 11175082
Change-Id: Ia151bde768587468efde0c1d97a740b5353d1582
5aca2b8dc4f4ff2d466a64587d06666c7bbd9749 17-Oct-2013 Jeff Sharkey <jsharkey@android.com> Plumb through physical device UUID and label.

vold now parses out UUID and label for inserted physical devices,
and reports them to framework. Add these to hidden StorageVolume
class for use by DocumentsUI and MediaProvider.

Remove last JNI method in FileUtils!

Bug: 11175082
Change-Id: I1cfcd1ade61767b103f693319ea2600008ee2e3c
2d8b4e801332e02d6aad615b85cc9dd056ef805c 18-Sep-2013 Jeff Sharkey <jsharkey@android.com> Delegate mkdirs() to vold when lacking perms.

Apps without sdcard_r or sdcard_rw are still able to write to
their package-specific directory, but someone needs to first make
that directory on their behalf. This change will delegate the
mkdirs() call through to vold when an app fails to create directly.

MountService validates that the path belongs to the calling user, and
that it's actually on external storage, before passing to vold.

Update Environment to make app-vs-vold paths clearer.

Bug: 10577808
Change-Id: I43b4a77fd6d2b9af2a0d899790da8d9d89386776
be72215c39916af9ae42332260c04b696bc73d7f 16-Feb-2013 Jeff Sharkey <jsharkey@android.com> Better API for low disk space warnings.

Provides uniform interface to ask about low disk thresholds; can
be mocked by other tests. Opens door to adjust thresholds based on
disk type.

Switch monitor service to using new API, and use filesystem paths
from Environment instead of hard-coding.

Change-Id: Ifdb536e36a453f1b67bc65849037ec3cc0232cf2
4fbbda4cecb078bd3867f416b02cc75f5455284f 25-Sep-2012 Jeff Sharkey <jsharkey@android.com> Handle multi-user mountObb() requests.

Since emulated external storage paths differ based on execution
context, carefully fix up paths for various use-cases:

1. When sending paths to DefaultContainerService, always scope
OBB paths as belonging to USER_OWNER.
2. When sending paths to vold, always build emulated storage paths
visible to root.
3. Always use the original untouched path when talking with apps.

Mount OBB containers using shared app GID, so that an app can read
the mount point across users.

Handle legacy paths like "/sdcard" by resolving the canonical path
before sending to MountService. Move tests to servicestests, and
add tests for new path generation logic.

Bug: 7212801
Change-Id: I078c52879cd08d9c8a52cc8c83ac7ced1e8035e7
b049e212ab7fe8967893c202efcb30fecfdb82fb 08-Sep-2012 Jeff Sharkey <jsharkey@android.com> Include user identifier in external storage paths.

When building external storage paths, always include user in path
to enable cross-user paths and aid debugging.

Each Zygote process continues to only have access to the appropriate
user-specific emulated storage through bind mounts. A second set of
mounts continue supporting legacy /sdcard-style paths. For example,
a process running as owner has these mount points:


Since Environment is created before Zygote forks, we need to update
its internal paths after each process launches.

Bug: 7131382
Change-Id: I6f8c6971f2a8edfb415c14cb4ed05ff97e587a21
9545dc020ea11649d70dcbe911a8e82a3254a4ea 07-Sep-2012 Jeff Sharkey <jsharkey@android.com> Include primary flag in StorageVolume.

Bug: 7003520
Change-Id: Iaae2ae22253820c954c51e0199c31087bc825f3f
cb80cb700d15319c20686998e822aed32a56adf5 10-Aug-2012 Jean-Baptiste Queru <jbq@google.com> am 37548994: Merge "StorageManager: fix issue that GREF has increased to 2011 in system server with intel stress test."

* commit '37548994e69292932e9e2fafb7cba6c53e3a2bcd':
StorageManager: fix issue that GREF has increased to 2011 in system server with intel stress test.
6614bb657929c70dad988fb14b4b91f3b9d4f7fc 28-May-2012 Chuanxia Dong <chuanxiao.dong@intel.com> StorageManager: fix issue that GREF has increased to 2011 in system server with intel stress test.

Issue description:
When running the ICS stress test, we always hit the GREF issue. One of the contributors is MountService$MountServiceBinderListener.
log info
19:21:11.609 222 24316 W dalvikvm: 24 of com.android.server.am.ActivityManagerService$AppDeathRecipient (24 unique instances)
19:21:11.609 222 24316 W dalvikvm: 479 of com.android.server.MountService$MountServiceBinderListener (479 unique instances)
19:21:11.619 222 24316 W dalvikvm: 7 of com.android.server.accessibility.AccessibilityManagerService$6 (7 unique instances)
Note: PID 222 is system server.

Issue analysis:
Everyone can call getSystemService(Context.STORAGE_SERVICE) to get the service.
When another service gets StorageManager, StorageManager will create a new MountServiceBinderListener and
register a listener in MountService, which won't be unregistered. It's easy to generate a lot of
unused instances of MountService$MountServiceBinderListener in system server.

Issue fix:
So change the policy to be:
1. Don't create a new MountServiceBinderListener during construction.
2. When another service needs to register a listener in StorageManager,
StorageManager will register a listener with MountService.
3. When another service needs to unregister a listener in StorageManager,
if there are no more listeners in StorageManager, StorageManager
will unregister the listener in MountService.

Change-Id: Iaaf889f44a1a5f62b9f65b3ab1b486c9b7dcaf7f
Author: Chuanxiao Dong <chuanxiao.dong@intel.com>
Signed-off-by: Bo Huang <bo.b.huang@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
a45746efadd11bb7dfab026fb3c81a25fae74ca4 19-Jul-2012 Jeff Smith <whydoubt@yahoo.com> Fix several cases of broken droiddoc syntax
external issue 35214

patch contributed by Jeff Smith <whydoubt@yahoo.com>

Change-Id: I70dcee88a140699bf3e1ab369bed6dcd2fdd3d83
13fe2a5330a5df662d7b1b136e7b08fe34c94a42 19-May-2012 Fabrice Di Meglio <fdimeglio@google.com> Fix bug #6522190 MountService should respond to configuration changes ("INTERNAL STORAGE" string should be translated dynamically)

- use an ID instead of a String for StorageVolume description
- use this ID for getting the correct localized version of the description string

Change-Id: I30f3080fce2c889be38bfdf9f5121dffcf8a99e8
51a573c76737733638c475f52e441c814e6645cc 17-May-2012 Kenny Root <kroot@google.com> Wait for ASECs to be scanned before proceeding

Move MountService up the list, then pause waiting for MountService to
finish scanning ASECs before the services that require those packages to
be ready.

Additionally, don't automatically mark all ASEC apps as FLAG_EXTERNAL on
reboot. This prevents AppWidgets and other things from being used with
ASECs which are on internal storage.

Bug: 6445613
Change-Id: I3e0b3e244fec966814d7a5ea93de5d337aea79bd
6dceb88f1c7c42c6ab43834af2c993d599895d82 12-Apr-2012 Kenny Root <kroot@google.com> Allow forward locked apps to be in ASECs

We couldn't put forward-locked apps in ASEC containers before since we
didn't have any permissioned filesystems. This adds the ability for
forward-locked applications to be in ASEC containers.

This means that forward locked applications will be able to be on the SD
card now.

This change also removes the old type of forward-locking that placed
parts of apps in /data/app-private. Now all forward-locked applications
will be in ASEC containers.

Change-Id: I17ae0b0d65a4a965ef33c0ac2c47e990e55707ad
cba928cef7d614d375253246f014c4a52bb8b913 18-Aug-2011 Mike Lockwood <lockwood@android.com> SystemServer: Add support for disabling AudioService and MountService

Using the same convention in system_init.cpp, you can disable these
services by setting system properties:


Signed-off-by: Mike Lockwood <lockwood@android.com>
13235db8f780a3cb322545687041b066dd74e736 06-Dec-2011 Joe Malin <jmalin@google.com> DOC CHANGE: Add text for android.os.storage

Change-Id: Ia5785cff3860907af4c53cbe769126496ee338c3
b9c1acfb0b4a41ffb5a4d9c38ef298c3a1eb9599 10-Oct-2011 Christopher Tate <ctate@google.com> DO NOT MERGE - Require device encryption password for adb backup/restore

This supersedes any backup-password that the user might supply. Per
design, the device encryption password is also always used to encrypt
the backup archive.

The CL introduces two new strings, used for prompting the user for
their device encryption password rather than their settings-defined
"backup password" when confirming a full backup or restore operation.

Bug 5382487

Change-Id: I278737927a4ecbb765bfb5ecfd28a4cb8dae52ef
13c7197da8a16f77f6398708a6314c80cb01e0d1 08-Sep-2011 Ben Komalo <benkomalo@google.com> Revert encryption mapping for device wipes.

External storage volumes that were emulated+encrypted needed to have
their encryption mapping removed so that it doesn't try to encrypt the
volume after formatting them.

This just wires through an argument through vold, and assumes that vold
will do the right thing even if there is no encryption mapping set.

Bug: 5017638
Change-Id: I858fae3d12cb415bc34637f520f71220ad9daaad
444eca232964dbf27d0c4d01447c1493f89186e0 02-Sep-2011 Ben Komalo <benkomalo@google.com> Expose getting encryptstate through IMountService

- this really just calls cryptfs cryptocomplete
- needed so that UI logic can present a factory reset option if
encryption screwed up

Bug: 3384231
Change-Id: I553de87f0d03a65851030c9c5266e85866d30fa6
4161f9b30329e558868bb2b16c3e83c0b9cd26fd 13-Jul-2011 Kenny Root <kroot@google.com> Add StorageVolume list to MountService dump

Change-Id: If2be6e420d9671032d2e7a66c71a6733e6e48ac8
7a59dd2ce33b46cbc73eef964ddb4272ea1da8d1 11-Jul-2011 Mike Lockwood <lockwood@android.com> MTP: Return error if user tries to copy a file >= 4GB to a FAT32 file system

Bug: 4561836

Change-Id: I2bffb93b032038f6c220c24c752ccd7ca66c23a0
Signed-off-by: Mike Lockwood <lockwood@android.com>
292f8bc9d1b790ab975a87a842c7fabc908b97e0 28-Jun-2011 Dianne Hackborn <hackbod@google.com> Plumb information from the framework about asec container size.

Change-Id: Ie0ec3cb6d463aefa341a8cbea80be790451ba5e3
8e8b280bd19fa6cb69bb19e1d90cf03a47ba2d72 07-Jun-2011 Mike Lockwood <lockwood@android.com> StorageVolume: Add allowMassStorage flag

Change-Id: I9d19e635bb06e50068d7e4e6919322bd5bb2e00f
Signed-off-by: Mike Lockwood <lockwood@android.com>
37051cdd8624c4821bb68169be427061c48ad837 26-May-2011 Gilles Debunne <debunne@google.com> ExternalStorageFormatter takes an optional StorageVolume target.

Change-Id: Ic85689659dbf49a7fcc1b7aaf25e4a94e62848b9
a5250c93928e256738125b265e10c96c3575597e 23-May-2011 Mike Lockwood <lockwood@android.com> MountService: Add StorageVolume as extra in storage related broadcasts.

Change-Id: I8e1a21ae233ba9812e58b363b59a66b260a01cbf
Signed-off-by: Mike Lockwood <lockwood@android.com>
fbfe55512596fd00c1fb51caa851e17dae60fd43 17-May-2011 Mike Lockwood <lockwood@android.com> StorageVolume: Add getStorageId() accessor

This ID is used for MTP as well as per volume querying in the media provider.

Change-Id: Ic4fc986d972bd477730643f7e9450c390c0b3a4b
Signed-off-by: Mike Lockwood <lockwood@android.com>
2f6a3885533a52758c2cd4f81f6123a712be8ae6 10-May-2011 Mike Lockwood <lockwood@android.com> StorageManager: Clean up and generalize storage configuration resources

Replace config_emulateExternalStorage, config_externalStorageRemovable,
config_externalStoragePaths, config_externalStorageDescriptions and
config_mtpReserveSpaceMegabytes resources with an XML resource file
to describe the external storages that are available.

Add android.os.storage.StorageVolume class

StorageManager.getVolumeList() now returns an array of StorageVolume

Change-Id: I06ce1451ebf08b82f0ee825d56d59ebf72eacd3d
Signed-off-by: Mike Lockwood <lockwood@android.com>
d967f4664f40f9a4c5262a44b19df9bbdf457d8a 24-Mar-2011 Mike Lockwood <lockwood@android.com> DO NOT MERGE StorageManager: Add getVolumeList() and getVolumeState() methods

Change-Id: I43d5c1730b340f1288b58012234b38f801001b71
Signed-off-by: Mike Lockwood <lockwood@android.com>
66700397496fc6f6d26f9f0b56ead8ef610b9654 29-Jan-2011 Jean-Baptiste Queru <jbq@google.com> Merge 3100207b from gingerbread-plus-aosp

Change-Id: Ib2eaede8b9e400e1d273f981c08a6ef82f3dd588
1358b6a4fb68e81058aa938e46b125350bdf0fff 29-Jan-2011 Jean-Baptiste Queru <jbq@google.com> Tweak to make merges easier

Bug: 3364311

Change-Id: Idec05206615de524a3b61d8579d9f2b462b541cd
d4796c823b92866d5895acf610e5571e9b5724d9 29-Jan-2011 Jason parks <jparks@google.com> am a2e765ef: Merge "Update the encryption password when the device password is changed." into honeycomb

* commit 'a2e765ef1ad2cb907a4ae0a93bb15e4764ebb59a':
Update the encryption password when the device password is changed.
f7b3cd4efd40b7631f36ea014407a850f7dc637e 27-Jan-2011 Jason parks <jparks@google.com> Update the encryption password when the device password is changed.

* Added changeEncryptionPassword() to the MountService.
* Update LockPatternUtils to call changeEncryptionPassword()
when the password is changed.

Note we only require the new password to change the
encryption password.

Bug: 3382129
Change-Id: I26a7e919e325e75e22fa4290da0a8b1b57b55a80
7dbf0696ef37097f2bcec058f876f7f4ba63d357 26-Jan-2011 Kenny Root <kroot@google.com> resolved conflicts for merge of 2c1d0967 to honeycomb-plus-aosp

Change-Id: Ie9b0166b0260ee7eea7bdd275e64f2714024bf1c
2c1d0967ba23f7e806e338bc74148bed93823706 26-Jan-2011 Kenny Root <kroot@google.com> Merge "Make ObbActionListener a one-way call" into honeycomb
ff271a2288f375fc7a5854ac0d1f7c969d91996d 26-Jan-2011 Kenny Root <kroot@google.com> am 2ec4af59: am 138757db: Merge "Make OBB results a one-way call" into gingerbread

* commit '2ec4af59209ab3a7088a001bbbcb10ef0b846564':
Make OBB results a one-way call
b7db2726e91f1d9480359d0f83b9cb7769906b34 26-Jan-2011 Kenny Root <kroot@google.com> Make OBB results a one-way call

OBB result back to an application needs to be a one-way binder call.

Bug: 3353699
Change-Id: I0e625914d18a001c2fa9d764ea6463f34cf96743
f09d63a52c84386a7b3539eab5b43f020f194c77 17-Jan-2011 Kenny Root <kroot@google.com> Re-@hide some of the other StorageManager API

Some StorageManager API was accidentally unhidden during a bad merge.
Re-@hide the API to fix it.

Bug: 3362407
Change-Id: I5ad6925d3b6c18c33230127b1318c150d028a010
ec7c9ff0bb1c98cb8bec3ec7bdacbae3a434fa53 17-Jan-2011 Kenny Root <kroot@google.com> Hide USB mass storage APIs in StorageManager

They appear to have been unhidden in a bad merge from gingerbread.

Change-Id: Ice0fc865425d5d885af3c2e90a7ffeaa1d623b80
373c1c975dce2e460d40a7c1cd71e35ce4b4a375 14-Jan-2011 Kenny Root <kroot@google.com> Make ObbActionListener a one-way call

Bug: 3353699
Change-Id: If1bba2e9c2ed3d807657b6b4a6b54b7805bec02b
56aa5321fe6f00fa3662e6f46a4b2559aa34f63e 07-Jan-2011 Jason parks <jparks@google.com> Add a method enable encryption.

This is for testing and needs to be cleaned up.

Change-Id: I29958f2a95c7773744e61bbd23a302b752614f87
5af0b916f850486cff4797355bf9e7dc3352fe00 29-Nov-2010 Jason parks <jparks@google.com> Add decryption support to MountService.

* Implement the decryptStorage() method on the Mount Service.
This method makes the calls into vold to decrypt the encrypted
volumes and mount them.

Change-Id: I4f6e07a111cf0b36611d590debf9f6579c5ac5f7
733e79c24042145d12a18cac59e8edb08965fab0 15-Oct-2010 Kenny Root <kroot@google.com> am 2f98a585: am 49ec3dff: Merge "OBB: Change documentation to reflect reality" into gingerbread

Merge commit '2f98a585cda066689b1b525322c51fcacbc3770b'

* commit '2f98a585cda066689b1b525322c51fcacbc3770b':
OBB: Change documentation to reflect reality
0a9b54e88b9cbb30748b5f0b331aec3f3ef8d639 14-Oct-2010 Kenny Root <kroot@google.com> resolved conflicts for merge of 8bb7a1df to master

Change-Id: Ieec036f494a54eab74a27b954d1423bf981dd3f9
19dcd2aeba184f81b140b4fbc692bdd80a51299e 13-Oct-2010 Kenny Root <kroot@google.com> OBB: Change documentation to reflect reality

We can't reliably detect when the key for an OBB is incorrect, so just
remove the mention in the documentation. It still returns an error, but
just not the most specific error.

Bug: 3091064
Change-Id: I70e506822f2178a0ac5e4617fe545b23ce0026f4
e1ff214e32ed5c546a7603b07b054908c4d93312 12-Oct-2010 Kenny Root <kroot@google.com> Add API to check for emulated external storage

When the storage is emulated, we don't want to install ASEC containers
to it. This adds the API to check when the external storage is emulated
and uses it to check whether or not to install packages to the external
storage in an ASEC container.

Bug: 3024387
Change-Id: Ia0318aca9e4938a4897deaada5603a4c7c1d0f48
af9d667ccf3e24058214cf4cc0a8aa8bc5100e3c 08-Oct-2010 Kenny Root <kroot@google.com> OBB: rearrange to be entirely asynchronous

Rearrange structure of MountService handling of OBBs to be entirely
asynchronous so we don't rely on locking as much. We still need the
locking to support dumpsys which has been improved to output all the
data structures for OBBs.

Added more tests to cover more of the error return codes.

Oh and fix a logic inversion bug.

Change-Id: I34f541192dbbb1903b24825889b8fa8f43e6e2a9
9e95468bbb4b4cb48d817cee2960681aa876b12a 01-Oct-2010 Kenny Root <kroot@google.com> am 6ce5f60c: am 38cf8867: Remove OBBs from state list when volume unmounted

Merge commit '6ce5f60c791401ed0faf5d36baf4fc6612358676'

* commit '6ce5f60c791401ed0faf5d36baf4fc6612358676':
Remove OBBs from state list when volume unmounted
38cf8867a8d3e8d5159abd0bd0e6a3b0b8348b94 26-Sep-2010 Kenny Root <kroot@google.com> Remove OBBs from state list when volume unmounted

Don't keep tracking OBBs when the volume they're located on goes away.
Remove them from our state tracking maps and then send a notification to
any listener that is still around.

Add a dump handler to MountService so the state of the mount lists
can be inspected.

Change the API to just make a callback directly to the change listener
when mount is called when it's already mounted or unmount called when
it's already unmounted.

Change-Id: Idb4afbb943ca5ca775825f908bff334e3ce1cfcc
bff405f91001237ec94ec64f86fa2370c4509559 29-Sep-2010 Kenny Root <kroot@google.com> resolved conflicts for merge of d8e8186c to master

Change-Id: Ica3f6cd958717ea7033cab8b4bf9cd3425c1e1c5
05105f7abe02b2dff91d6260b3628c8b97816bab 23-Sep-2010 Kenny Root <kroot@google.com> Update OBB API to include callbacks

Add a callback for users of the StorageManager API to be able to receive
notifications when the requested operation completes for mountObb and

Add NDK API to get to ObbInfo like the Java API has.

Also update the docs for the API and remove the "STOPSHIP" comments.

Change-Id: I23a4409c7f8b74d3169614beba920b4d667990a4
53e75ea847df20b29124966a4232dc0109c37e27 24-Aug-2010 Kenny Root <kroot@google.com> resolved conflicts for merge of 485de781 to master

Change-Id: I483cb81596f09b024b1aea7fc55960183f38b24f
e49564e0f710ba4a1405cfdfde068cb776ee474e 21-Aug-2010 Kenny Root <kroot@google.com> am 821afa9a: am 54d41379: Merge "Add OBB flags to support overlays" into gingerbread

Merge commit '821afa9aec8d3a4ffd2e72ce797d8097eaf13973'

* commit '821afa9aec8d3a4ffd2e72ce797d8097eaf13973':
Add OBB flags to support overlays
be857d42849eaaa554d4772dbba7755f8a0f3547 19-Aug-2010 Kenny Root <kroot@google.com> Reorganize MountService IPC

Remove auto-generated AIDL files and replace them with manually edited
.java and .cpp/.h files so that binder calls can be made from either
Java or C++.

Update the makefiles to not attempt to generate the AIDL files and also
remove the old auto-generated .java files.

Put all the storage-related C++ things in libstorage so that we don't
pollute other libraries.

Change-Id: I82d1631295452709f12ff1270f36c3100e652806
02ca31fbae9f35dd30f79de6927fae11b549391a 12-Aug-2010 Kenny Root <kroot@google.com> Add OBB flags to support overlays

* Add flags field in OBB footer to support overlays.

* Remove unused 'crypto' and 'filesystem' fields in obbtool (could
later be supported in the "flags" field of the OBB footer).

* Add notes to document OBB classes before shipping.

Change-Id: I386b43c32c5edef55210acb5d3322639c08010ba
bf0cb26a1c6305f2a7795c2498591b6189cc5b79 11-Aug-2010 Kenny Root <kroot@google.com> am f5ee5358: am ac9717ab: Merge "Move OBB file reading to DefaultContainerService" into gingerbread

Merge commit 'f5ee5358c187107b2e5a1e1fbcb5a648d793c798'

* commit 'f5ee5358c187107b2e5a1e1fbcb5a648d793c798':
Move OBB file reading to DefaultContainerService
a02b8b05dd1e8b8cf169e1f89542ef835b11fc13 06-Aug-2010 Kenny Root <kroot@google.com> Move OBB file reading to DefaultContainerService

The system_server shouldn't touch files on the SD card. This change
moves the things that touch the SD card out to the
DefaultContainerService so that it will get killed if the SD card goes
away instead of the system_server.

Change-Id: I0aefa085be4b194768527195532ee6dddc801cfc
fb4e1e24a93c7e6bc0fcdb3f5cfadfbc19503cd8 16-Jul-2010 Kenny Root <kroot@google.com> resolved conflicts for merge of 181bb0ab to master

Change-Id: I2284e7c671d127da0d124fbabae8d887727fd5bf
02c8730c1bf19daf48bec8c6995df676a00a73b1 01-Jul-2010 Kenny Root <kroot@google.com> Add API to call to vold for mounting OBBs

* Unhide StorageService class; hide all the USB-related items

* Add application-visible API to StorageManager for OBB files

* Add class for parceling OBB info across binders (ObbInfo)

* Add a JNI glue class to libutils/ObbFile (ObbScanner)

* Add API to MountService to deal with calling into vold and checking

Change-Id: I33ecf9606b8ff535f3a2ada83931da6bbef41cfd
6f63dd5dc8ae38f866e297883435dd1fd3a5cdfd 30-Mar-2010 San Mehat <san@google.com> framework: Hide StorageManager for froyo - do not merge

Change-Id: I9a871e49cc9e1accb28c7e4b76bb0796eaf26d7b
e99bb5f10b90736d10cee9729b56cba156fc0921 19-Mar-2010 Suchi Amalapurapu <asuchitra@google.com> Add new method call back in MountService.
PackageManager invokes this call back when it's done handling
the media status update.
Add new uid check for updateExternalMediaStatus
Change killPids method in ActivityManager.
Remove mountsd command in Pm.java We cannot arbitrarily enable/disable
packages in PackageManager now.

Change-Id: I28dcba4afd2b4486f68abdaa1628a31b66544c91
2e805b19cdb309ea6eeb6d2e8b0915681f831f5a 22-Mar-2010 Brad Fitzpatrick <bradfitz@android.com> Grammar fixes.

Change-Id: I77672d2260c26aee146bb6a853137c14e3db1f28
6ffce2e9a3c57634bb73f8ff133ca680f8070d5d 08-Mar-2010 Suchi Amalapurapu <asuchitra@google.com> Add new shutdown observer for MountService.
Use new observer before rebooting and shutting down.
Add some unit tests for unmount and shutdown code paths
Fix registering/unregistering part in MountService
Use ShutdownThread in PowerManager.reboot()
Add reboot support to ShutdownThread.
Remove MountService code from PowerManagerService.java and Power.java.
Clean shutdown/reboot is handled exclusively by ShutdownThread now.

Change-Id: Iefb157451d3d9c426cb431707b870a873c09123d
0eec21d97d9dc4eb4fdbad0e4c0fc53703452d02 26-Feb-2010 Suchi Amalapurapu <asuchitra@google.com> Add dialog to display storage users when enabling/disabling ums

Some error dialogs and related strings
MountService changes to follow unmount path when enabling ums.

Please note that MountService api setUmsEnabled does not return
error codes for now. This is a known limitation.
c42e29e0a58d07a95d470780216cdf1d67476bd6 23-Feb-2010 Suchi Amalapurapu <asuchitra@google.com> Add new handler mechanism in MountService to make unmount api asynchronous.
MountService updates state on PackageManager and then tries to
kill processes holding file references to media about to be unmounted by
invoking api on ActivityManager. This is retried up to 4 times to make sure all
processes holding file references are killed before unmounting the media
at specified path.

Also changed PackageManager api to return boolean value to indicate if
MountService is likely to receive broadcasts related to apps on sd.
d970998b0d489774ad1c5b94b47d233912f00214 18-Feb-2010 San Mehat <san@google.com> framework: storage: Add 'force' option to unmount/destroy storage apis, and update callsites.

Also adds additional storage unit tests

Signed-off-by: San Mehat <san@google.com>
c1b4ce93be60aa09eda5653edc2f6a8ce864526d 17-Feb-2010 San Mehat <san@google.com> MountService: Add API call for getting a list of pids currently using the specified mountpoint

Signed-off-by: San Mehat <san@google.com>
a181b21305e0bcf171e2112a3ca5c08eb4fd2434 11-Feb-2010 San Mehat <san@google.com> MountService: Fix some mountset bugs and tighten up some return values

Signed-off-by: San Mehat <san@google.com>
6cdd9c08565a6871ad72cd388adfdfca23532e5e 09-Feb-2010 San Mehat <san@google.com> MountService: Add isSecureContainerMounted() API call

Signed-off-by: San Mehat <san@google.com>
b104340496e3a531e26c8f428c808eca0e039f50 05-Feb-2010 San Mehat <san@google.com> Framework: Clean up / Refactor Mount APIs

- Move android.storage.* -> android.os.storage.* and refactor users
- Refactor generic shares back to explicit ums enable/disable/isEnabled
- Remove media insert/removed event callbacks (not ready for Froyo)
- Remove 'label' from volume state change callbacks
- Add public API functions for enabling/disabling USB mass storage (permissions enforced
in MountService)
- Remove some stray un-needed import lines
- Move android.os.IMountService / android.os.IMountServiceListener -> android.os.storage
- Improve code comments

MountService: Add dup state check and move debugging behind a conditional
UsbStorageActivity: Fix review comments + a TODO
StorageNotification: Add @Override tags
StorageManager: Don't use a static Listener list
MountService: Reduce bloat and fix == where I meant .equals()
PackageManagerTests: Update for new API

Signed-off-by: San Mehat <san@google.com>