785d618b1a4c66d885cafec34ed1981daee6736d |
|
19-Apr-2018 |
Victor Hsieh <victorhsieh@google.com> |
Allow only selected priv apps to run OOB - Add pm.dexopt.priv-apps-oob-list to allow selecting specific packages to run OOB, in a comma-separated string of package names. When set to "ALL" (default), all priv apps will run in OOB. - Add a global config priv_app_oob_list to persist the state for experiment. - Also make background dexopt to respect the config. Test: 0. Reset previous OOB settings. 1. settings put global priv_app_oob_list \ com.google.android.gms,com.android.vending 2. cmd package compile -m speed -f com.google.android.gms (then com.android.vending, com.google.android.googlequicksearchbox) 3. dumpsys package dexopt # .vending and .gms are "verify", .googlequicksearchbox is # "speed". Test: settings put global priv_app_oob_list 'ALL' # see the same result Test: settings delete global priv_app_oob_list # see the same result Test: atest SettingsBackupTest Bug: 30972906 Bug: 63920015 Change-Id: Iba47b4763a026cdc94939db0a743822278917269
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
629a5f9705368990515ca4754f58f2d4ffb78a1e |
|
31-Mar-2018 |
Daniel Cashman <dcashman@google.com> |
Add ROLLBACK past signing cert capability. Add a new capability that may be granted to past signing certificates after changing to a new signing certificate that will allow applications to go back to a previous signing certificate. This capability is intended to not be granted, but may be added later in the event that a signing certificate change caused undesirable behavior. Bug: 73927694 Test: PkgInstallSignatureVerificationTest Change-Id: I7453a2da00e740a55de45e7b144f308a9bc33772 (cherry picked from commit a1d0cf74f93bc6cdef054e73c9f09f44cc44d501)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
b5a564a05645cd95ba9833b0fa804cd98f192c6b |
|
27-Mar-2018 |
Victor Hsieh <victorhsieh@google.com> |
Downgrade OOB warning of priv app to warning We can't enforce priv apps to uncompress .dex and .so just yet until all priv apps from Play have done so. Also fix the wrong default value. Test: build Bug: 76440172 Bug: 63920015 Change-Id: I98ab7272702c1693752f8e4ecb53e1b1eb5e1f35
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
850f29a169e771acd889bf78f0a9514aaaf3d309 |
|
01-Feb-2018 |
Jeff Sharkey <jsharkey@google.com> |
Merge changes Iac97c342,I52518d52 * changes: Enable sendfile() and splice() optimizations. Use sendfile() and splice() to speed up copying.
|
b18f899241231991e314c40990eb8e9f703732d4 |
|
01-Feb-2018 |
Jeff Sharkey <jsharkey@android.com> |
Use sendfile() and splice() to speed up copying. There are several places across the OS where Java code is simply copying data between two points, which requires bringing that data out into userspace before going back into the kernel. (That's pretty lame.) The patches for the recent Meltdown/Spectre security issues have made this overhead even worse, so it's finally time to move this copying directly into the kernel. This change adds a couple new FileUtils.copy() methods which inspect the given streams/FDs, and attempt to do as much optimization as possible before falling back to a slower userspace-based copy. Benchmarks are showing typical improvements of 44% for 32KB files, 50% for 32MB files, and 35% for 32MB pipes. Plenty of tests are included, and there's a simple kill-switch that can be used to enable/disable the feature if it starts causing any trouble. (A future CL will enable the optimizations.) Test: bit FrameworksCoreTests:android.os.FileUtilsTest Test: vogar --mode app_process --benchmark frameworks/base/core/tests/benchmarks/src/android/os/FileUtilsBenchmark.java Bug: 71932978 Change-Id: I52518d529da5d961610998b9f61399064d8025cd
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
1dbe6d02849cb4af87bbd26b7537e11badead3b1 |
|
23-Jan-2018 |
Dan Cashman <dcashman@google.com> |
Add key rotation. Change certificate checks to also consider the possibility of signing certificate rotation by checking the SigningDetails#pastSigningCertificates field. In particular, add a SigningDetails#checkCapability method which reports whether or not the older SigningDetails is an ancestor of the current one, and queries whether or not the old one has been granted capabilities, such as being a sharedUser. Bug: 64686581 Test: Builds, boots, browser and camera work, all with v3 signing. Change-Id: I4199ff3f2d9ae959325b117b28e666ae31889800
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
5f76124551aa6582bb82034f8423b9d84f633d70 |
|
20-Jan-2018 |
Victor Hsieh <victorhsieh@google.com> |
Skip priv app full apk verification if has verify When ro.apk_verity.mode is on, full apk verification is only skipped if the apk already has verity enabled in the file system, and if the apk contains the Merkle tree root hash we need. Since the configuration in the file system is duplicated from the apk (including the offset and size of Signing Block and the Merkle tree), in order to prevent offline attacker from changing it, we need to measure the observed configuration and make sure it matches the kernel's view. Test: observed package manager's requeset to installd (only) for updated priv apps. Bug: 30972906 Change-Id: I33531a3f6148232b777ea8bfd02f13700649e317
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
55f1499592ba632a0166b415a4aa7bf1d33a9c96 |
|
13-Jan-2018 |
Victor Hsieh <victorhsieh@google.com> |
Enable verity to updated priv app if root hash exists With the flag ro.apk_verity.mode set to non-zero, on install time, package manager now tries to enable verity for priv apps if the root hash is included in the APK's Signing Block. Test: Install a priv app with verity root hash in the Signing Block. Saw the tree is built, passed to installd. Failed on ioctl at the moment since kernel is not ready. (need the final installd patch) Bug: 30972906 Change-Id: I17b6589b44485fb377d5618da55fb2a4572d4ae8
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
5cdda3425ccf3c62e400a1646615f4479a8266af |
|
19-Jan-2018 |
Daniel Cashman <dcashman@google.com> |
Add API to expose signing certificate proof-of-rotation. With the addition of APK Signature Scheme v3, the platform now can support key rotation by using the proof-of-rotation provided by the new scheme. Create a new API which allows checking of the entire provided history of an APK's signing certificates, not just the current signer. This should allow for changes of APK signing certificates without fear of losing access to resources that would have been provided under the old signing certificate. Change getPackageInfo(GET_SIGNATURES) to return the oldest signing certificate in the chain so that apps which do programmatic checks, but are not updated to use the new API, still get the same information they would have gotten had there been no rotation. Bug: 64686581 Test: Builds, boots. Change-Id: I8982fd4cce60f5d85a6180d157a6e2a661b1a6d7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
77029c5b16351775cb2333369ef9a4bc1d9acf58 |
|
19-Jan-2018 |
Daniel Cashman <dcashman@google.com> |
Add proof-of-rotation information to PackageParser.SigningDetails APK Signature Scheme v3 enables APK signing key rotation by allowing an APK to embed a proof-of-rotation structure linking past signing certificates to the current one. This information needs to be exposed to the system before it can be used to make authorization decisions. Bug: 64686581 Test: Builds and boots. Change-Id: I49961f92fcec141d73b36197147d5d8fa64c149e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
0c8f2e01064d6c901fcf75fe59c949cd10b0c47f |
|
06-Oct-2017 |
Victor Hsieh <victorhsieh@google.com> |
Force verifying updated priv apps on boot if enabled If ro.apk_verity.mode is non-zero (default 0), package manager will force verifying updated priv apps in /data, and make sure the certificate matches the original one in /system, which we trust. Test: logcat shows force collecting cert only if enabled Bug: 30972906 Change-Id: I33f98930aaaaf76dbe2c0bc664e841f7892eb00e
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
420d58a9d867a3ce96fb4ea98bd30ee4d44eab4d |
|
19-Dec-2017 |
Patrick Baumann <patb@google.com> |
Move signing data into SigningDetails container This change replaces fields from Package that relate to signing with a single SigningDetails container. It does the same with InstallArgs and InstallParams. This simplifies much of the code that would have otherwise relied on synchronizing many fields and will enable PackageManagerService to make install-time descisions based on package data instead of forcing it to be part of package parsing. This is a retake of ag/3382280 Test: android.appsecurity.cts.PkgInstallSignatureVerificationTest passes. Test: atest google/perf/boottime/boottime-test to ensure no startup regression. Bug: 68860689 Change-Id: I0df45ce537df5552a7e60e4d727a4dcef23c2252
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
3e654843d55a292b337eb661389fb44e05a6e7a7 |
|
29-Nov-2017 |
Todd Kennedy <toddke@google.com> |
Fix if clauses During a refactor, we introduced updated the method used to verify signatures. The "&& additionalTest" clauses were added to the wrong if statement [off-by-one]. So, we were performing a compat signature check when we shouldn't and not throwing an exception when we should. Change-Id: Ie479be5b254b9b13451ab07a07d20a68c7b828ad Fixes: 69053002 Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests#testSharedUidDifferentCerts
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
96cb94bab4d366fa3f9c90b162482d750debbe37 |
|
29-Nov-2017 |
Todd Kennedy <toddke@google.com> |
Update error text Text was updated to be slightly more readable, but, wound up breaking the tests. Reverting the word change. Change-Id: I299245fc05f15ff6f7979c4c0365fe885b3c2e15 Fixes: 69056838 Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest#testCorrectCertUsedFromPkcs7SignedDataCertsSet Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest#testV1SchemeSignatureCertNotReencoded Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PkgInstallSignatureVerificationTest#testV2SchemeSignatureCertNotReencoded
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
ddaaf4cf483d392e78a31885a410dc9dcaf646c4 |
|
07-Nov-2017 |
Todd Kennedy <toddke@google.com> |
Remove scanFile argument In several locations we were passing both a parsed Package object and a scanFile File object. But, the Package object was parsed from the scanFile! Instead, just pass the singular Package object and pull the scanned file from it. Bug: 63539144 Test: bit FrameworksServicesTests:com.android.server.pm. Change-Id: Ibd200fb567e005869de61d9c123f211fa9a38f0a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
7c4c55dcb6d386fb3843069a02c177df66df09c7 |
|
02-Nov-2017 |
Todd Kennedy <toddke@google.com> |
Move code No functional changes. Moving code from PackageManagerService to other classes where it makes more sense. Make some methods static when they could easily be made so. Bug: 63539144 Test: bit FrameworksServicesTests:com.android.server.pm. Change-Id: If515315d27d9bf3d19cde0062deade5d05924b6d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
96aac9b3754b9f85b3db87435d890c43092be20d |
|
17-Oct-2017 |
Tobias Thierer <tobiast@google.com> |
Framework: Prefer android.system.Os over libcore.io.Libcore.os This is a pure refactoring with no a behavior change other than that these calls now go through android.system.Os, which immediately delegates to Libcore.os. This is a first step towards separating framework (via android.system.Os) vs. libcore (via Libcore.os) clients of these low level APIs. Separating these is a prerequisite towards moving the API parts of android.system into framework, and moving the rest into a different package in libcore. Test: Treehugger Bug: 67901714 Change-Id: Ifd8349ec5416e5693f40dba48fdf2bef651b7d81
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
0eb9738d1708d9aa7846782046e6828ffc9fe901 |
|
04-Oct-2017 |
Todd Kennedy <toddke@google.com> |
Move mPermissions from package settings Create a settings class only for use with permissions. It's subservient [and should only be accessed directly by] package settings or the permission manager. The rest of the permission related data needs to be moved to permission settings. At which point we can start pulling the permission methods out of the package manager service and into the permission manager. We still have a somewhat tight relationship between package manager and the permission manager. It's unclear how far we need to separate them and if relying entirely on an internal interface is sufficient. Bug: 63539144 Test: Manual. Builds and runs Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.PermissionsHostTest Test: cts-tradefed run commandAndExit cts-dev -m CtsPermissionTestCases Test: cts-tradefed run commandAndExit cts-dev -m CtsPermission2TestCases Test: bit FrameworksServicesTests:com.android.server.pm.PackageManagerSettingsTests Change-Id: I616184fa2135a11687e4ce615884f861466fdebe
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
61dc6ffcbd917f4b39821a0dcc9266d349343a6a |
|
26-Sep-2017 |
Nicolas Geoffray <ngeoffray@google.com> |
Merge "Special handling of priv-apps in PMS." am: 107899c599 am: 15b0493360 am: 35455f2553 Change-Id: I8bfe46aad8166d4d4b7346fe10f3e148a34ccf0b
|
20a894ed549a66786c3ca999f1a0083970b7e59c |
|
08-Sep-2017 |
Nicolas Geoffray <ngeoffray@google.com> |
Special handling of priv-apps in PMS. If pm.dexopt.priv-apps is set to false, don't do any dexopt on it, and check the APKs have uncompressed and aligned code. bug: 30972906 bug: 63920015 Test: works as expected when pm.dexopt.priv-apps is true or false Change-Id: I72a322defb459549617028e030f1aec997223af5
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
52a452cf685c56dc6872dbb19e822736484f672f |
|
04-Aug-2017 |
Calin Juravle <calin@google.com> |
Record usage information per split Increase the granularity of usage information to store data on each split separately. Now, splits get their own useByOtherApps flag and can be compiled speed-profile when only the primary apk is loaded by other apps. Bug: 64124380 Test: runtest -x services/tests/servicestests/src/com/android/server/pm/dex/* Change-Id: Ibf9e7b9e67db9c6f0f45dc695bce8fbeb7be20ae
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
3b74c41776da66562a68b12a0fed8d20b6952868 |
|
04-Aug-2017 |
Calin Juravle <calin@google.com> |
Use PackageUseInfo in DexOptimizer Pass the PackageUseInfo directly to DexOptimizer and use it to detect if a package is used by other apps. Move the usage checks closer to dexopt so that they can be easily adapted when we add usage info for each of the app's code paths separately. This is a refactoring CLs to reduce the size and complexity of the upcoming CLs which record the usage info for each of the application splits. Bug: 64124380 Test: runtest -x services/tests/servicestests/src/com/android/server/pm/dex/* Change-Id: I8031590cdaff81ab1792ca19baddb6cb36dc021d
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
2e565e6d6ec1a8be52f9d2b5a67597cf4791434d |
|
19-Jul-2017 |
Shubham Ajmera <shubhamajmera@google.com> |
Fix: handle null value for packageUsageInfo while deciding unused apps Bug: 36598475 Test: Verified for AOSP calculator Change-Id: I86633a729ae34c621f9026fcf0486f2c0a5c7e4c
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
246dccf9327631597767afe418ce43ae6d07d102 |
|
25-May-2017 |
Shubham Ajmera <shubhamajmera@google.com> |
Reduce app size by downgrading inactive apps This will trigger when the device will have low space. Active apps here refer to the apps which were either active in foregrond or in background and also used by other packages. Apps which are inactive for X days downgraded to verify. X is determined by sysprop pm.dexopt.unopt_after_inactive_days If the system properties are not set, no effect will take place. The above operations will take place in background dexopt service. If user uses the app again, it will again be speed-compiled when background dexopt service starts next time. Bug: 36598475 Test: manual * Remove the check in the code that allows downgrade only when the space is low on the device. * adb root * Set pm.dexopt_unopt_after_inactive_days to 600 * Make sure the current time of the device is correctly set * Install 2 non system apps - B, C * Downgrade B to extract * Upgrade a system apps to speed-profile - E * Downgrade a system app to quicken - G * adb shell cmd package bg-dexopt-job Expected Results: * Extract - B * Verify - C * There should not be any entries for apps E an G in dalvik_cache Change-Id: I68f9f617d6722a7ba8b00aa2181cb38a165cfc51
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
07b6eabe79261267ecd7114790e96e1f6828672a |
|
02-Mar-2017 |
Calin Juravle <calin@google.com> |
Use DexManager logic to decide if a package is used by other apps Stop relying on the file marker recorded by the runtime. We have the same data available from the DexManager. The clean up CL to remove the handling of the file markers will follow. Test: verify that "shared packages" (e.g. gmscore) are not compiled with speed-profile. Bug: 32871170 Change-Id: I6cc5834ac88489e69896cd5fba9ed9968aa7f5a2
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
0318162abcbd07a0472989df43e00e353fac731b |
|
01-Dec-2016 |
Calin Juravle <calin@google.com> |
Add logic for recording dex files use on disk Add PackageDexUsage to handle the I/O operations of dex usage data. It is responsible to encode, save and load dex Test: runtest -x .../PackageDexUsageTests.java Bug: 32871170 Change-Id: I2acc5430080a7e937c798513d8959ab631decfd9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
dab38e000436bf8234955b0333eaecf389e65b6f |
|
10-Sep-2016 |
Andreas Gampe <agampe@google.com> |
OtaDexopt: Downgrade apps when low on space When running low on space, attempt to "downgrade" apps to lower states in the optimization flow to free up space before starting the OTA. Bug: 31347757 Change-Id: I3a44b106b83d86d7290f4c557267b319f28de12a
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
d3e07d46d41e8411def67c2150a0bae064e900dc |
|
07-Sep-2016 |
Andreas Gampe <agampe@google.com> |
Package Manager: Sort list of packages to dexopt Sort the list by last-use-time, if available. Interleave the dependencies with the packages. Clean up the code a bit for better code reuse and ease of writing filters. This should help with prioritization under space constraints. Bug: 31347757 Change-Id: Ia0ec62faf013a379dc4c80b18fd6b2bfbfa470c4
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
fa78b219b7dc006a2863fc0a6d2ff68324797f8f |
|
26-May-2016 |
Nicolas Geoffray <ngeoffray@google.com> |
Look at last used app when filtering. In order to cover cases where a device hasn't been used for a while. bug:28969280 Change-Id: I897e833ed83912b848f25a7a81fe59f0ee655be1
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
6d99f796711882ba60977c211d0f92252fe7ad4a |
|
16-May-2016 |
Narayan Kamath <narayan@google.com> |
PackageManager: Fix reference profile canonicalization. Foreign dex markers are named in the runtime by calling realpath(3) on the input dexfile path and replacing "/" with "@". On the Java side, we're using File.getCanonicalPath, which is similar but isn't quite the same. It tries to call realpath() directly, but if that fails, it resorts to a series of increasingly desperate measures to calculate a "canonical path". We just use realpath instead. Also, don't attempt to delete a profile if canonicalization fails. bug: 28740848 Change-Id: Ie5d5af590187e793db633342a42b923865e5c005
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
90e269917e1d8f9fadb12c3528b8c360b2271e82 |
|
18-Apr-2016 |
David Brazdil <dbrazdil@google.com> |
Change app selection policy for post-OTA verification Changes the policy for selecting packages which will be pre-verified during post-OTA boot animation. For Nx to Ny, an app is pre-verified if used in the foreground in the last 7 days, or if its APK was loaded by other apps. For M to N (or early N builds without detailed stats), an app is pre-verified if it has any recorded use in the last 7 days. Bug: 27902702 Bug: 27350503 Change-Id: I2b38daf017ecd0e5aa5ed596ed9351cffa03dbcb
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
ca82e616d3131570bf2ee29778f4796f343720d5 |
|
20-Apr-2016 |
Brian Carlstrom <bdc@google.com> |
Add reasons to notifyPackageUse calls This is so we can record more specific times in PackageUsage. If file with only one timestamp per package is found, the value is copied to all usage slots. Bug: 27902702 Change-Id: I8affe43c735e54620a9204433aad367cfddfded7
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
d5896630f6a2f21da107031cab216dc93bdcd851 |
|
05-Mar-2016 |
Jeff Sharkey <jsharkey@android.com> |
Move more PM calls to ParceledListSlice. Since the data returned by these calls can grow unbounded based on various GET flags, we need to switch 'em over. Bug: 27391893 Change-Id: Ie849ca30dbaaa91158da4c83675657715629a0ee
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
b62d690e7e931a07a9503ccbd7cc107b1af3fc64 |
|
11-Feb-2016 |
David Brazdil <dbrazdil@google.com> |
Address minor comments after go/ag/858723 Change-Id: I549bd3290ae47d46b2ef10553466db2c29296ee9
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|
6b4736d604fd91aaedc6f3fe9be5a1e757aab86c |
|
04-Feb-2016 |
David Brazdil <dbrazdil@google.com> |
Apply 'used in last 7 days' filter to OTA package extraction Bug: 26813999 Change-Id: I5f1eddb1d5e9f0bbaab62d86e6ccf3cc097c4edb (cherry picked from commit e292175fbd495a63b48560439d2a84b239f91e18)
/frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java
|