path: root/services/java/com/android/server/pm/UserManagerService.java
Commit message (Author, Age, Files, Lines)
* Move some system services to separate directories (Amith Yamasani, 2013-12-19, 1 file, -1568/+0)
| Refactored the directory structure so that services can be optionally excluded. This is step 1. Will be followed by another change that makes it possible to remove services from the build.
| Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
* Don't remove restrictions files that are valid (Amith Yamasani, 2013-09-26, 1 file, -7/+17)
| This fixes a bug in parsing the package name from a file name. The suffix was not taken into account, resulting in all restrictions files being removed on switching to a user.
| Bug: 10947554
| Change-Id: I62725bbbdc0e15609872de3896130d4acbc35386
* Remove unused APIs and rename others based on API review (Amith Yamasani, 2013-09-05, 1 file, -12/+4)
| Restrictions challenge is only to be used by device admins.
| Bug: 10461761
| Change-Id: I3db1249e2ce99f386602de59ed930302bb0a97fb
* UserManagerService upgrades users on first restart. (Geoffrey Borggaard, 2013-08-29, 1 file, -41/+1)
| This causes all restriction pins to be reset.
| Bug: 10535070
| Change-Id: Ia2abf904505514d7e555b420c2b032a0094e0643
* Try again to cleanup all blocked apps (Amith Yamasani, 2013-08-07, 1 file, -6/+37)
| Since the Restrictions feature was removed, some cleanup code was added to unblock apps. But the cleanup is causing some runtime exceptions due to happening too early in the boot up sequence. Moved the cleanup to after boot_completed broadcast is received.
| Bug: 10212758
| Change-Id: Id42eff16b54c24ea48cf8b3a81f77ea801264edd
* Remove restrictions PIN for all users (Amith Yamasani, 2013-08-06, 1 file, -3/+20)
| Bug: 10200097
| Change-Id: I4d95cd49a21e8f4f6b2c141d1205f81622c395b5
* User restriction API to disable single-user restrictions feature. (Amith Yamasani, 2013-07-23, 1 file, -4/+17)
| Change-Id: I80e08b38b5e32f3cb1af51398907510508ec199f
* Have UserManagerService clear the restrictions and unblock apps (Amith Yamasani, 2013-07-18, 1 file, -9/+98)
| Since this is an operation that could take a few seconds to run and needs to be completed even if Settings dies, best to do it in the user manager.
| Refactored PIN challenge/setup UI with a field to verify existing pin when changing to a new one.
| Change-Id: I0b7df5b2ccb7f343aa9282a9245d3bc2b577a794
* Clean up any restrictions files that shouldn't be there. (Amith Yamasani, 2013-07-09, 1 file, -0/+25)
| Partially fixes the mess that was caused by #9681399
| Change-Id: Iaabe15c87d1b002f0b2210b34adcc31b8fb4329c
* Single-user restrictions (Amith Yamasani, 2013-06-25, 1 file, -0/+179)
| Introduces a new "blocked" state for each package. This is used to temporarily disable an app via Settings->Restrictions.
| PIN creation and challenge activities for use by Settings and other apps. PIN is stored by the User Manager and it manages the interval for retry attempts across reboots.
| Change-Id: I4915329d1f72399bbcaf93a9ca9c0d2e69d098dd
* Cache the scaled avatar drawables in the keyguard user switcher (Amith Yamasani, 2013-05-09, 1 file, -1/+1)
| Loading the avatar icons and drawing them into the sized bitmap turns out to be quite expensive and the cost increases with number of users. Caching them shaves off several hundred milliseconds from Keyguard inflation time during user switching on the lockscreen. For instance, 15ms vs. 750ms with 3 avatars on a certain 7" tablet.
| Bug: 7986933
| Change-Id: I3e2065bfa25aa263133ba204ca364c3b04d7c0ff
* Modify restrictions bundle per api council recommendations (Amith Yamasani, 2013-04-17, 1 file, -22/+38)
| Use a Bundle for persisting and passing to the application, but use a list to return data back from an application that's exposing restrictions.
| Changed the xml reading/writing code to store the value type in the Bundle so that it can be reproduced when reading. Earlier we were assuming only String and String[].
| Bug: 8633967
| Change-Id: I523d5553728edcf28a1e9d432f490b4956f34215
* Add user restrictions (credentials, user removal) (Emily Bernier, 2013-04-11, 1 file, -0/+4)
| Created constants in current.txt and UserManager.java, modified restrictions access in UserManagerService.java.
| Change-Id: If8d778d84af81dcbf5784f6e0afd9ef966cc8ecf
* Fix a security check in getting app restrictions (Amith Yamasani, 2013-04-10, 1 file, -2/+5)
| Change-Id: I02fbab8765d3f8646d0fe62ee867566d1d14707d
* Improve RestrictionEntry API (Amith Yamasani, 2013-03-29, 1 file, -4/+4)
| More getters and setters, better naming. New extra defined for returning a custom intent that handles showing the restrictions UI.
| Change-Id: I2ee0cdb4edd99e71a9004ff5e929dbe243b45557
* Add user restrictions for bluetooth, sideloading, usb file transfer (Maggie Benthall, 2013-03-27, 1 file, -1/+8)
| Created constants for these in UserManager and current.txt. Also created an accessor for individual user restrictions that takes the restriction key (removing individual methods for particular restrictions).
| Change-Id: Ibb5517cbcdffadd3925f52cbe67d7d525813faa9
* Device Owner, a special kind of device admin (Amith Yamasani, 2013-03-26, 1 file, -22/+20)
| A Device Owner cannot be uninstalled and is available to all users. It must be registered before the device_provisioned flag is set.
| Device admins can be disabled until used, but visible to device policy manager, so that users won't be bothered with update requests.
| Opened up a few related APIs for use by a system-installed Device Owner.
| Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5
* Application restrictions API (Amith Yamasani, 2013-03-20, 1 file, -0/+154)
| Adds the ability for apps to export some restrictions. The restrictions are presented in Settings based on the restriction type. The user's selections are stored by UserManagerService and provided to the target user's application as a list of RestrictionEntry objects which contain the key, value(s).
| Also introduce a manifest entry for system apps to request that the app be automatically installed in all users, so that they cannot be deselected by the owner user.
| Shared account filtering for non-whitelisted apps.
| Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
* Shared accounts and sharing of apps (Amith Yamasani, 2013-03-06, 1 file, -4/+4)
| API and preliminary implementation for sharing primary user accounts with a secondary user. AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials to clone an account from the primary to a restricted secondary user. The AccountManagerService initiates the account clone when it starts up the user and detects that the user has a shared account registered that hasn't been converted to a real account.
| AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be further improvements to this API to make shared accounts hidden/visible to select apps.
| AccountManagerService has a new table to store the shared account information.
| Added ability in PackageManager to install and uninstall packages for a secondary user. This is required when the primary user selects a few apps to share with a restricted user.
| Remove shared accounts from secondary users when primary user removes the account.
| Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
* Add location sharing toggle user restriction. (Maggie Benthall, 2013-02-25, 1 file, -0/+3)
| And add support for respecting it.
| Change-Id: Ia5cf9134c5f5741c3f55afadbe54f862da7bfe5b
* Hacks to fix lockdown (Geoffrey Borggaard, 2013-02-12, 1 file, -0/+8)
| Change-Id: Icf715e84ac7f8bd12eabd01f35860c36a60a8caf
* Starting point for User Restrictions API (Amith Yamasani, 2013-02-08, 1 file, -9/+75)
| Restrictions saved as key/value pairs, mostly booleans right now but might be expanded to other types later.
| Save and restore restrictions in the user manager service.
| Enforce some of the restrictions at the framework level. Some are enforced (also) at the app level, such as in Settings.
| Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
* Make sure that the owner user is marked initialized. (Amith Yamasani, 2012-11-15, 1 file, -3/+12)
| This is required for upgrades from previous versions of JB.
| Bug: 7547639
| Change-Id: I21de14a70d6ba2ab21437b5f0721321df45226d2
* Avoid recycling recently removed user IDs. (Jeff Sharkey, 2012-11-07, 1 file, -23/+42)
| Currently, installd doesn't correctly evict VFS cache entries for FUSE emulated external storage. This means zygote processes have an inconsistent view of the FUSE daemon when the system rapidly recycles user IDs.
| To work around this, only consider recycling a user ID after its VFS cache entries have expired. The emulated storage FUSE daemon currently uses an 'entry_valid' timeout of 10 seconds.
| Bug: 7407902
| Change-Id: Id80cbdd2215d8456467fb31e4c209ca12a505e16
* Fix the user name for the owner. (Amith Yamasani, 2012-10-26, 1 file, -1/+39)
| Use a version number to update the name to Owner, from Primary. For new installations, use the correct localized string.
| Bug: 7417150
| Fix a typo in the permission description.
| Bug: 7333304
| Change-Id: I123741e581c6a02d4597b3cd81f2ca48a8587e2a
* Fix crashes when quickly adding and removing users (Amith Yamasani, 2012-10-19, 1 file, -10/+29)
| Make USER_REMOVED an ordered broadcast and send it before the user's state is completely removed from the system. This gives services the opportunity to clean up their state, while still having access to the user's directory and UserInfo object (such as serial number).
| Tell SyncManager to skip over dying/partially created users.
| Improve UserManager tests, waiting for users to be removed fully.
| Bug: 7382252
| Change-Id: I93cfb39c9efe6f15087bf83c569a2d154ef27168
* Allow services to query the info for a dying user. (Amith Yamasani, 2012-10-17, 1 file, -6/+16)
| This allows services watching for USER_REMOVED to fetch the serialNumber of a dying user.
| Also fix an AIOOBE when building the userId array, typically on cleanup.
| Bug: 7368826
| Change-Id: I24e52278af8353b5744372127da4bf4fafc89baa
* Do cleanup when Stopping users (Amith Yamasani, 2012-10-15, 1 file, -2/+7)
| Mark user 0 as initialized, otherwise it will show up as uninitialized when viewed from secondary user if never switched to user 0.
| Bug: 7301595
| Also clean up any users that were in the process of being removed, if device crashes at a bad time.
| Change-Id: Ic16a6c9ccb6a64b7463725f6cc279335a821fcd5
* Fix serial number assignment for new user on a freshly wiped device (Amith Yamasani, 2012-10-04, 1 file, -2/+5)
| Bug: 7280093
| User serial number was not being bumped up from 0 on a freshly wiped device due to the userlist not existing. This was resulting in the first 2 users getting the same serial number, messing up C2DM message delivery.
| This issue doesn't show up if you boot the device before adding a user, so it wasn't discovered earlier.
| Change-Id: I8a5d99b9ad2ccfb66a16cacac9548ba53f0be387
* Fix issue #7211769 and #7244492, thrash around on #7226656. (Dianne Hackborn, 2012-09-28, 1 file, -48/+120)
| Issue #7211769: Crash dialog from background user has non-working "report"
| The report button now launches the issue reporter for the correct user. Also for crashes on background users, either disable the report button, or simply don't show the dialog depending on the build config.
| Issue #7244492: Bugreport button in Quick Settings doesn't actually do anything
| Now they do.
| Issue #7226656: second user seeing primary user's apps
| I haven't had any success at reproducing this. I have tried to tighten up the path where we create the user to ensure nothing could cause the user's applications to be accessed before the user is fully created and thus make them installed... but I can't convince myself that is the actual problem.
| Also tightened up the user switch code to use foreground broadcasts for all of the updates about the switch (since this is really a foreground operation), added a facility to have BOOT_COMPLETED broadcasts not get launched for secondary users and use that on a few key system receivers, fixed some debug output.
| Change-Id: Iadf8f8e4878a86def2e495e9d0dc40c4fb347021
* Query users excluding any being removed (Amith Yamasani, 2012-09-20, 1 file, -11/+109)
| Keep track of user creation and last logged-in time.
| adb shell dumpsys users
| User switcher shouldn't show users about to be removed.
| No need to check for singleton for activities.
| Bug: 7194894
| Change-Id: Ic9a59ea5bd544920479e191d1a1e8a77f8b6ddcf
* Multi-user MTP. (Jeff Sharkey, 2012-09-18, 1 file, -5/+2)
| The current MTP kernel driver at /dev/mtp_usb is exclusive, meaning only one process can have it open. In addition, each MTP session with a desktop requires unique object IDs, which doesn't hold true across users on the device.
| To solve these two issues, when switching users we cycle the USB host stack to disconnect both local and remote MTP connections, giving the new user's media process a chance to claim /dev/mtp_usb, and causing the desktop to initiate a new MTP session.
| This change also allows BroadcastReceivers to registerReceiver() allow retrieval of a current sticky broadcast. Adds a system property to override maximum users. Removes MOUNTED broadcasts for secondary users. Allows INTERACT_ACROSS_USERS to getCurrentUser().
| Bug: 6925114
| Change-Id: I02b4a1b535af95fb2142655887b6d15a8068d18a
* Pass Bitmap instead of ParcelFileDescriptor in UserManager (Amith Yamasani, 2012-09-17, 1 file, -16/+25)
| Add a USER_INFO_CHANGED intent for lockscreen and quicksettings to use to monitor changes to the user name or icon.
| Bug: 7164040
| Change-Id: Id6fb8b6d38ce04ccd02bbadcf0c10699783d6c03
* Merge "Start userId from 10, reserving 1-9 for special use in the future." into jb-mr1-dev (Amith Yamasani, 2012-09-17, 1 file, -1/+1)
|\
| * Start userId from 10, reserving 1-9 for special use in the future. (Amith Yamasani, 2012-09-17, 1 file, -1/+1)
| | Change-Id: I3d0c1717d8b3add75ba43ed98e53ba02e6682c34
* | Add UserManager.getUserIcon() (Amith Yamasani, 2012-09-17, 1 file, -4/+17)
|/
| So that we don't abuse the setUserIcon() for reading. So the new method won't try to create the file, only return it if it exists.
| Change-Id: I7a81d3f1b29d14d37e71f531744ce39f21d827ac
* More multi-user stuff. (Dianne Hackborn, 2012-09-15, 1 file, -32/+52)
| - New public APIs to find out when a user goes to the foreground, background, and is first initializing.
| - New activity manager callback to be involved in the user switch process, allowing other services to let it know when it is safe to stop freezing the screen.
| - Wallpaper service now implements this to handle its user switch, telling the activity manager when it is done. (Currently this is only handling the old wallpaper going away, we need a little more work to correctly wait for the new wallpaper to get added.)
| - Lock screen now implements the callback to do its user switch. It also now locks itself when this happens, instead of relying on some other entity making sure it is locked.
| - Pre-boot broadcasts now go to all users.
| - WallpaperManager now has an API to find out if a named wallpaper is in use by any users.
| Change-Id: I27877aef1d82126c0a1428c3d1861619ee5f8653
* Enforce a user limit (Amith Yamasani, 2012-09-11, 1 file, -0/+15)
| By default only 1 user is allowed. Some devices permit more than 1. Set the real user limit in a device overlay for config.xml
| Change-Id: I2e0bffa13393b954fcd20e55b92f20de980c58c0
* Flesh out multi-user in am commands. (Dianne Hackborn, 2012-09-10, 1 file, -1/+1)
| Now we default to the current user instead of user 0 for most commands (except where we can do the command for all users).
| Many more commands take a user argument: force-stop, kill, profile, dumpheap.
| Improved help text.
| Change-Id: I719a13b4d31b668f57ca21e51d7043ac3e0d4e1b
* Centralize the creation of the user system directory (Amith Yamasani, 2012-08-31, 1 file, -0/+12)
| Environment.getUserSystemDirectory(int userId)
| Use it in all relevant places that were hardcoding it. Also, wipe out the user's system directory when user is removed, otherwise old state might be transferred to a new user.
| Change-Id: I788ce9c4cf9624229e65efa7047bc0c019ccef0a
* Improve multi-user broadcasts. (Dianne Hackborn, 2012-08-30, 1 file, -1/+2)
| You can now use ALL and CURRENT when sending broadcasts, to specify where the broadcast goes.
| Sticky broadcasts are now correctly separated per user, and registered receivers are filtered based on the requested target user.
| New Context APIs for more kinds of sending broadcasts as users.
| Updating a bunch of system code that sends broadcasts to explicitly specify which user the broadcast goes to.
| Made a single version of the code for interpreting the requested target user ID that all entries to activity manager (start activity, send broadcast, start service) use.
| Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
* Start implementing concept of "running" users. (Dianne Hackborn, 2012-08-28, 1 file, -6/+31)
| The activity manager now keeps track of which users are running.
| Initially, only user 0 is running.
| When you switch to another user, that user is started so it is running. It is only at this point that BOOT_COMPLETED is sent for that user and it is allowed to execute anything.
| You can stop any user except user 0, which brings it back to the same state as when you first boot the device. This is also used to be able to more cleanly delete a user, by first stopping it before removing its data.
| There is a new broadcast ACTION_USER_STOPPED sent when a user is stopped; system services need to handle this like they currently handle ACTION_PACKAGE_RESTARTED when individual packages are restarted.
| Change-Id: I89adbd7cbaf4a0bb72ea201385f93477f40a4119
* Some clean up of app install and user management. (Dianne Hackborn, 2012-08-24, 1 file, -127/+92)
| UserManagerService is now closely tied to PackageManagerService, sharing the same locks. There is no longer direct access of Installer by UserManagerService, instead the package manager is back to solely owning it.
| Creating a new user now correctly only installs system apps for that user.
| Fixed some misc bugs, where we were getting nulls when querying content providers and instrumentation in uninstalled users, incorrect locking, etc.
| Change-Id: Ife69b6e373d0cf7c5cfc03fc588e36b43ad5d8b0
* Keep track of whether an app is installed for each user. (Dianne Hackborn, 2012-08-24, 1 file, -5/+6)
| This adds a new per-user state for an app, indicating whether it is installed for that user.
| All system apps are always installed for all users (we still use disable to "uninstall" them).
| Now when you call into the package manager to install an app, it will only install the app for that user unless you supply a flag saying to install for all users. Only being installed for the user is just the normal install state, but all other users have marked in their state for that app that it is not installed.
| When you call the package manager APIs for information about apps, uninstalled apps are treated as really being not visible (somewhat more-so than disabled apps), unless you use the GET_UNINSTALLED_PACKAGES flag.
| If another user calls to install an app that is already installed, just not for them, then the normal install process takes place but in addition that user's installed state is toggled on.
| The package manager will not send PACKAGE_ADDED, PACKAGE_REMOVED, PACKAGE_REPLACED etc broadcasts to users who don't have a package installed or not being involved in a change in the install state. There are a few things that are not quite right with this -- for example if you go through a full install (with a new apk) of an app for one user who doesn't have it already installed, you will still get the PACKAGE_REPLACED messages even though this is technically the first install for your user. I'm not sure how much of an issue this is.
| When you call the existing API to uninstall an app, this toggles the installed state of the app for that user to be off. Only if that is the last user that has the app uinstalled will it actually be removed from the device. Again there is a new flag you can pass in to force the app to be uninstalled for all users.
| Also fixed issues with cleaning external storage of apps, which was not dealing with multiple users. We now keep track of cleaning each user for each package.
| Change-Id: I00e66452b149defc08c5e0183fa673f532465ed5
* Merge "Fix deadlock in removing a user" into jb-mr1-dev (Amith Yamasani, 2012-08-22, 1 file, -2/+4)
|\
| * Fix deadlock in removing a user (Amith Yamasani, 2012-08-22, 1 file, -2/+4)
| | Cleanup PackageManager settings after the package directories are removed.
| | Change-Id: I264bc95ea21da653a234d7c81df5b25d4de7aa9e
* | Remove permission requirement for some UserManager calls (Amith Yamasani, 2012-08-22, 1 file, -12/+21)
|/
| Update javadocs to be explicit about permissions.
| Minor fixes in UserManagerService
| Change-Id: I0d355e0a60e5dbdb49ed06091111d480ff249f3d
* Fix build part 2 (Amith Yamasani, 2012-08-17, 1 file, -1/+2)
| Change-Id: I3b4ed430f214468a22d3b3aaf3605e570cfd0ed1
* Save preferred activity info with user id. (Amith Yamasani, 2012-08-17, 1 file, -0/+1)
| So each user can have their own set of intent resolution preferences. ResolverActivity now launches the activity on the correct user, and persists the preference for the correct user.
| Bug: 6961905
| Change-Id: I6d3a8a9af89bc649277d4fc8d0f367ee123f8392
* UserHandle to UserSerialNo mapping (Amith Yamasani, 2012-08-17, 1 file, -55/+89)
| Use AtomicFile for usermanager files.
| Added a MANAGE_USERS permission that apps (signature permission) can use to create/query/modify/remove users.
| Change-Id: I5cf232232d0539e7508df8ec9b216e29c2351cd9