| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |/ / /
| | | |
| | | |
| | | | |
Change-Id: I2640d3dc2200b589e2beb42a43cc93efd090f06e
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
admin" into jb-mr2-dev
* commit 'f3dc9f0aa91d2785b715f251b144487ec1b57ecc':
Device Owner, a special kind of device admin
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A Device Owner cannot be uninstalled and is available to all users. It must
be registered before the device_provisioned flag is set.
Device admins can be disabled until used, but visible to device policy
manager, so that users wont be bothered with update requests.
Opened up a few related APIs for use by a system-installed Device Owner.
Change-Id: I847b5fe68c0f724863f778a67602b5bddc79d8e5
|
| |\| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
PackageManagerService." into jb-mr2-dev
* commit 'd6c1394dd0046944e66d391ff0e099fb5ac57751':
Add seinfo parsing to PackageManagerService.
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory. Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
grantPermission / revokePermission" into jb-mr2-dev
* commit 'd7afbeb52a289b98095872489928783fa008d424':
PackageManagerService: update grantPermission / revokePermission
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, grantPermission / revokePermission only handles development
permissions. This change extends these two functions to handle normal
and dangerous permissions.
A normal / dangerous permission can modified if it is marked as
optional (android:required="false") using the "am grant" / "am revoke"
commands.
Currently, this change is a no-op. The package parser code
does not currently honor <uses-permission android:required="false"> in
the application's manifest, and assumes a permission is always required.
This change sets the ground for future optional permissions work.
Change-Id: I34f02ffd714e8a9a37b9f87df89cef915b1b6780
|
| |\| | |
| | | |
| | | |
| | | | |
Change-Id: I752c387c013c3deaad836df9b0c2294e7149a32a
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds the ability for apps to export some restrictions. The restrictions
are presented in Settings based on the restriction type. The user's
selections are stored by UserManagerService and provided to the
target user's application as a list of RestrictionEntry objects which
contain the key, value(s).
Also introduce a manifest entry for system apps to request that the
app be automatically installed in all users, so that they cannot be
deselected by the owner user.
Shared account filtering for non-whitelisted apps.
Change-Id: I15b741e3c0f3448883cb364c130783f1f6ea7ce6
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
requestedPermissionsRequired" into jb-mr2-dev
* commit 'f5eaf95bc5a3240b315376a284e6ee4a60cc5145':
PackageManagerService: honor requestedPermissionsRequired
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Don't automatically grant all normal/dangerous permissions. Instead,
check the value of requestedPermissionsRequired to see if it's required.
If the permission is not required, then only grant it if the permission
was previously granted to the application.
Change-Id: I86b1fae530c006d353f9fa22137598bc88253805
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
apks." into jb-mr2-dev
* commit '0c42b58041dc0ede9865335fa48637fb6b677cd3':
Implement limited shared libraries in apks.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
You can now declare shared libraries in apks that are
on the system image. This is like the existing mechanism
of using raw jar files as shared libraries, but since they
are contained in an apk the library can actually be updated
from the Play Store. And this even (mostly) works.
There are some deliberate limitations on this feature. A
new shared library *must* be declared by an apk on the system
image. Installing an update to a system image apk does not
allow you to add new shared libraries; they must be defined
by everything on the base system image. This allows us to
get rid of a lot of ugly edge cases (shared libraries that were
there disappearing after an update is uninstalled for example)
and give some brakes on apps that happen to be pre-installed
on devices from being able to throw in new shared libraries
after the fact.
In working on this, I ran into a recently introduced bug where
uninstalling updated to system apps would fail. This was done
to allow for the new restricted users that don't have all
system apps, but conflicts with the existing semantics for
uninstalling system apps. To fix this I added a new uninstall
flag that lets you switch on the new mode if desired.
Also to implement the desired logic for limitations on declaring
new shared libraries in app updates, I needed to slightly tweak
the initial boot to keep the Package object for hidden system
packages associated with their PackageSetting, so we can look at
it to determine which shared libraries are allowed. I think
this is probably more right than it was before -- we already
need to parse the package anyway, so we have it, and when you
install an update to a system app we are in this same state
until you reboot anyway.
And having this fixed also allowed me to fix another bug where
we wouldn't grant a new permission to an updated app if its
system image version is updated to request the permission but
its version is still older than whatever is currently installed
as an update. So that's good.
Also add new sample code showing the implementation of an apk
shared library and a client app using it.
Change-Id: I8ccca8f3c3bffd036c5968e22bd7f8a73e69be22
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The goal here is to make sure that we aren't allocating a UID that
could have been in use since the last time the device booted.
Bug: 8256571
(cherry picked from commit af70d15543c89a53f064492f4e3d17c446e00039)
Change-Id: I8b11811df8d5a8ad1aa064abb43db020aceb29e3
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PackageParser." into jb-mr2-dev
* commit '768c5c4d9d736c55d7ef580142d602850f47a098':
Use enabled/enabledSetting from PackageParser.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PackageParser.updateApplicationInfo() has already interpreted the
various COMPONENT_ENABLED flags for us, no need to clobber them.
Bug: 8331767
Change-Id: If1363c5651a2f0326ee60e92517cfc0e6f256699
|
| |\| | |
| | | |
| | | |
| | | |
| | | | |
* commit '3eb3774f8e54a6f43dcf4f27e1b7a62676791ff6':
Shared accounts and sharing of apps
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
API and preliminary implementation for sharing primary user accounts with a secondary user.
AbstractAccountAuthenticator has new methods to retrieve and apply a bundle of credentials
to clone an account from the primary to a restricted secondary user. The AccountManagerService
initiates the account clone when it starts up the user and detects that the user has
a shared account registered that hasn't been converted to a real account.
AccountManager also has new hidden APIs to add/remove/get shared accounts. There might be
further improvements to this API to make shared accounts hidden/visible to select apps.
AccountManagerService has a new table to store the shared account information.
Added ability in PackageManager to install and uninstall packages for a secondary user. This
is required when the primary user selects a few apps to share with a restricted user.
Remove shared accounts from secondary users when primary user removes the account.
Change-Id: I9378ed0d8c1cc66baf150a4bec0ede56f6f8b06b
|
| |\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
jb-mr2-dev
* commit '40bbc3bb9997c6e9ea9aae42edd6bb4430d70978':
Add location sharing toggle user restriction.
|
| | |\ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
And add support for respecting it.
Change-Id: Ia5cf9134c5f5741c3f55afadbe54f862da7bfe5b
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | | |
Bug: 7554291
Change-Id: Ic693a544f1e2cab20f6540b3fc4ff673e35bd2c6
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a top-level permission group is specified, lookup the group id
by name instead of parsing the value as an integer. This matches
what we do when the group tag is a child of <permission/>.
Change-Id: I54954ae683cecdf72cf846f75383bf6ba862dc5b
|
| | | |
| | |
| | |
| | | |
Change-Id: Icf715e84ac7f8bd12eabd01f35860c36a60a8caf
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rework how the shell user is defined so that it is
associated with an actual apk, instead of being a free
roaming uid with special permissions assigned to it.
This allows us to correctly account for its operations
in app ops.
Implement a special case for the root user in app ops --
it is always allowed, always with the package name "root".
Add various code to take care of cleaning up package state
from app ops -- when packages are uninstalled, and during
boot if any packages currently being stored no longer exist.
Also fix a bug in the activity manager to correctly grant
permissions in all cases when onNewIntent() is being called.
Change-Id: Iae9f6d793ee48b93518c984ad957e46ae4582581
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Restrictions saved as key/value pairs, mostly booleans right now
but might be expanded to other types later.
Save and restore restrictions in the user manager service.
Enforce some of the restrictions at the framework level. Some
are enforced (also) at the app level, such as in Settings.
Change-Id: Id11ffe129cb6a177e094edf79635727388c26f40
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Implementation required a new framework feature
to associate an app op with a broadcast.
Change-Id: I4ff41a52f7ad4ee8fd80cbf7b394f04d6c4315b3
|
| | | |
| | |
| | |
| | | |
Change-Id: Ibad8edb15e7cc332d6c29958a386d32a96f4e755
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The file that defines default preferred apps is now more
robust. It is no longer a raw dump of the package
manager settings, but instead a more general list of a
target activity and filter. When reading it, the remaining
information (match value, set of potential matches) is
determined dynamically.
Change-Id: I0edc6e0d2ed3dd2a6e2238992f18f7fc1f51d8d4
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Also add new ops for calendar and wi-fi scans, finish
implementing rejection of content provider calls, fix
issues with rejecting location calls, fix bug in the
new pm call to retrieve apps with permissions.
Change-Id: I29d9f8600bfbbf6561abf6d491907e2bbf6af417
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
...of Play Store is included
The issue is that the name of the play store apk on the system
image has changed, and the package manager has a bug when this
happens and it is being hidden by an updated version of the
application that is still a newer version. In this case it
doesn't do the normal scan of the system apk, but just leaves
its old disabled state. However if the code path has changed,
this will trip up other code that thinks the system apk has
disappeared (since when it checks for the existence of the apk
with the stored code path, it doesn't find anything).
The fix here is to add a special case to make sure the code
path is updated even if we are otherwise ignoring the hidden
system image package data.
Change-Id: Ic5118f94c078da7a30b53b9cadf7c9844f7ba866
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The disabled state allows you to make an app disabled
except for whatever parts of the system still want to
provide access to them and automatically enable them
if the user want to use it.
Currently the input method manager service is the only
part of the system that supports this, so you can put
an IME in this state and it will generally look disabled
but still be available in the IME list and once selected
switched to the enabled state.
Change-Id: I77f01c70610d82ce9070d4aabbadec8ae2cff2a3
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Take advantage of this to return better information about
packages filtered by permissions -- include the permissions
they have in the requested array.
Also fix issue #8026793 (Contact picture shows default pic
while searching for a contact in qsb) by using the base
package name of the Context when reporting the app name
of an operation. Otherwise you could make a resource-only
context for another application and do calls through that
and get reported as the wrong app.
Change-Id: I5e0488bf773acea5a3d22f245641828e1a106fb8
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
permissions.
Change-Id: I20c7bd58febc01d6911a90440867eaacd133c464
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
This is for the multi-user version of bindService, not the original.
Change-Id: Ib2de35941196accf387b1a276a77e6f9af805ec0
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This reverts commit 92091fa9636403728fe94cc83400495a8612c2d3.
Bug: 7966399
Bug: 7208882
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pass targetSdkVersion to installd so it knows the appropriate
permissions to apply to the app's home directory.
Bug: 7208882
Change-Id: Ia62ed36b32ee5af01077fb10a586024411be8ed4
|
| |\ \ \
| |/ /
|/| | |
|
| | | |
| | |
| | |
| | | |
Change-Id: I6785cea91c0ab2c367645201fb8862dbf1a55773
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
After DownloadManager has downloaded an application to cache to install
during low memory condition, we try to free cache to fit the new
application. The free cache function deletes older files first, but it
will also delete the downloaded application (since it's in cache) as a
last resort since installd has no context about it.
This just changes the error code returned in this case so that we'll
give something more meaningful to the user. A later fix should actually
make this more sane. For instance: know which file to avoid deleting,
not even trying to delete anything if it won't arrive at the desired
free space.
Bug: 7684538
Change-Id: Ide77320fc51a4f692ef8042cb0eafe17b5cd279d
|
| | |
| |
| |
| |
| |
| |
| | |
This does some cleanup of the initial boot, especially when
booting in "no core apps" mode for encryption/decryption.
Change-Id: Ifb3949f580e52f54559e603c4b0b104f6bac2f6c
|
| | |
| |
| |
| |
| |
| |
| | |
Also fix a little problem where the USER_STARTED broadcasts
were not being sent as ordered broadcasts(!).
Change-Id: I3aa3e0a9b3900967cdd2d115ee103371b0a50c41
|
| | |
| |
| |
| |
| |
| |
| | |
This is required for upgrades from previous versions of JB.
Bug: 7547639
Change-Id: I21de14a70d6ba2ab21437b5f0721321df45226d2
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently, installd doesn't correctly evict VFS cache entries for
FUSE emulated external storage. This means zygote processes have an
inconsistent view of the FUSE daemon when the system rapidly
recycles user IDs.
To work around this, only consider recycling a user ID after its
VFS cache entries have expired. The emulated storage FUSE daemon
currently uses a 'entry_valid' timeout of 10 seconds.
Bug: 7407902
Change-Id: Id80cbdd2215d8456467fb31e4c209ca12a505e16
|
| |\ \ |
|
