| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Using a direct ByteBuffer allows the buffer to be passed to/from JNI
without intermediate copies.
Test: FileBridgeTests, apps get installed without allocation churn
Bug: 192020559
Change-Id: Ic5965c94ba14de6599af67d2e3bba33cd9996046
|
| |
|
|
|
|
|
|
| |
It helps remove it from the @CorePlatformApi
Bug: 154796679
Test: ArrayUtilsTest
Change-Id: I0c8f194a74a16b2cc46f9eea4571d5fb674fbc28
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch switches everything over to ParcelFileDescriptor, but the
important part of the change is changing FileBridge.getClientSocket to
return a ParcelFileDescriptor. Previously, it returned a raw
FileDescriptor that was closed by FileBridge, and the only non-test
caller of that function was taking it and constructing a
ParcelFileDescriptor from it, which would also attempt to close the fd,
leading to an fdsan abort.
Bug: http://b/162811367
Test: atest FileBridgeTest
Test: treehugger
Change-Id: I724ea7601bb072c98895f68abc08bb0e339d1db0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Start using ArrayUtils.throwsIfOutOfBounds instead. The Arrays method
is going to be removed.
Bug: 78447530
Test: cts-tradefed run cts-dev -m CtsOsTestCases (shows only unrelated failures: two user/userdebug mismatches and one from b/79471510)
Test: cts-tradefed run cts-dev -m CtsDrmTestCases
Test: adb shell am instrument -w -e class android.content.pm.LimitedLengthInputStreamTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Test: adb shell am instrument -w -e class android.os.FileBridgeTest com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ib3cd4f4ead61dbec1ccdc94b2ad4ad9c28574582
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When PackageInstaller was originally written, we needed a way to
ensure that untrusted apps were fully hands-off of any opened
FileDescriptors before we could proceed with certificate checks.
The best way to satisfy this security constraint was to build
a utility called FileBridge which was a (terribly slow) RPC
mechanism that could be cut off when needed.
However, a new feature called "AppFuse" offers to create a "proxy"
FileDescriptor which relays file operations back into userspace, and
it's much more performant than FileBridge. (Local benchmark tests
that deliver a 64MB APK show that AppFuse is about 45% faster than
FileBridge.) Because userspace is still involved in every operation,
we can still "revoke" access at any time to deliver on our security
requirements.
This change adds support for AppFuse, while keeping around FileBridge
as the default for now. An upcoming flag-flip CL can be used to
easily switch between the two modes.
Test: builds, boots, benchmarking, stress tests
Bug: 35728404, 31332379, 25510838
Change-Id: I2a70c0ca922a5ba468ffdef7b2fd8ab79f7cfefd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For restore use-case, session creation needs to complete quickly, so
delay ASEC allocation until session is opened. When preflighting
size checks, only consider external when we have a known size for the
container. Also relax size checks when using MODE_INHERIT_EXISTING
on external, since we don't know how much of existing app will be
copied over.
Consider session as "active" while commit is ongoing, until we're
either finished or pending user interaction.
Always publish first client needle movement away from 0. Use 25% of
internal progress to reflect ASEC allocation.
Avoid CloseGuard messages about leaking PFDs.
Bug: 17405741, 17402982
Change-Id: I6247a1d335d26621549c701c4c4575a8d16ef8c2
|
| |
|
|
|
| |
Bug: 17183379
Change-Id: I7f52af3201975e8c626a6c6d7f508fd8d006b204
|
| |
|
|
|
|
|
|
|
| |
Even though we've grabbed the underlying FD, the PFD could be GC'ed
and when finalized it would end up closing the underlying FD. This
fix ties the PFD object lifecycle to the returned OutputStream.
Bug: 17183379
Change-Id: Ibee8f4cf78fee357181a250d15f2a653294b2877
|
| |
|
|
|
| |
Bug: 17183379
Change-Id: Ifd4dc690c04439e1f7abebd8e0ca4e1ff97d9cc8
|
| |
|
|
|
| |
Bug: 17183379
Change-Id: I8856fc149915281093f83f46bad64f211d134322
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Flesh out implementation of install session observers. Carve out 20%
of published install progress for final system operations such as
dexopt, etc.
Add dumpsys output for active install sessions. Create explicit
fsync() instead of overriding meaning of flush(). Hack to throw
IOExceptions over Binder calls.
Bug: 14975160, 15348430
Change-Id: I874457e40c45d2661bc0a526df9285ffea4bb77c
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Separate commands to create an install session, stream files into the
staging area, and then commit the install. Streaming can accept data
from stdin across adb, avoiding extra copy from push.
Extend FileBridge to support blocking close(). Always destroy
session regardless of result.
Bug: 14975160
Change-Id: Ic3f462e7d1901079b785e210228950cdfa676466
|
|
|
Installers are interested in both streaming APK data and establishing
a happens-after relationship to support resuming downloads after a
process kill or battery pull.
This exposes a generic OutputStream for writing, and hooks up flush()
to be a blocking call which returns only when all outstanding write()
data has been fsync()'ed to disk.
Tests to verify behavior.
Bug: 14975160
Change-Id: I38289867c80ac659163bb0c2158ef12d99cc570d
|
