| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After uninstalling an app, if the system was shutdown before the
download provider received the broadcast for UID_REMOVED, another app
installed later in the same uid might be able to gain access to the
files downloaded by this app. Removing any such hanging downloads
at the start up of the download provider should fix this issue.
Test: Manually tested by uninstalling an app and killing and restarting
the process android.process.media, to check that the downloaded files of
the uninstalled app were deleted.
Bug:22011579
Change-Id: I7382c4846f99035b40412a01715aee5873efa9e6
|
|
|
|
|
|
|
|
|
|
|
| |
Apps might end up confused if we tell them a download was completed
multiple times, so only send the broadcast exactly once when we
transition it into a "completed" state, either during an update() or
a delete() operation.
Test: verified single broadcast with test app
Bug: 31619480
Change-Id: I0b9139ea0e37f6d212b84314048692cd0c4f9cdf
|
|\
| |
| |
| |
| |
| |
| |
| | |
manual_merge_010fc18
am: e2c5d91b95
Change-Id: I5d3b829662449cc6068501c0cdf0f6b7bc67a8e5
|
| |\
| | |
| | |
| | |
| | |
| | | |
manual_merge_010fc18
Change-Id: I2fa7bbc82985a294564a072650f9e8472dae9694
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
manual_merge_40238b9
Change-Id: I0d8441c4bae392726e7d41c77b1d9ac5eda1c09c
|
| | | |\
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
51033d49f6 am: 9bbd21ff0c am: 0bd9e49a06 am: 73721ade0d
am: 36b9c38a53
Change-Id: I53525f314f5ebc659e26c972c62517833ea03e19
|
| | | | |\
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
51033d49f6
am: 9bbd21ff0c
Change-Id: I5f09670f0629addb5fa847799184716020234f35
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
However, this means that we can no longer return the "my_downloads"
paths: if those Uris were shared beyond the app that requested the
download, access would be denied. Instead, we need to switch to
using "all_downloads" Uris so that permission grants can be issued
to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, we issue narrow grants toward the owner of
each download, both at device boot and when new downloads are
started.
Bug: 30537115, 30945409
Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
am: c0496a0b0b
Change-Id: I19d55af382ab6eb4ad080c402139eaf4df695ace
|
| | |/ / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When a download is deleted, we may not have an active thread, so
always send the broadcast from the provider. If an active thread
encounters a deleted download, skip sending the broadcast twice.
Change-Id: If8d5b99a1b7232bb64c6d11f22fdb4f5d6dbbfec
Test: none
Bug: 30883889
(cherry picked from commit efb1ac6b49692e62fde6830c3d20953c8632d2ba)
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Otherwise we end up leaving stale notifications around after the
underlying download was deleted.
Change-Id: Ie262a9dd369034de6c06be28b0eedc4231ea2e75
Test: none
Bug: 30697605
(cherry picked from commit 3b7e099588a2697305fd52c342f404a03ec9a9ab)
|
|\| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5 am: 6a6944d1f4 am: 8e8770bdc8 am: 85a6e20a85 am: 29c0025ae0
am: 9e119a0c29
Change-Id: Ic8495c5744b3acd16ae2d63be103279a2621411c
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5 am: 6a6944d1f4
am: 8e8770bdc8
Change-Id: I208036cd66780728f627cd11b2514eeb03c74800
|
| | |\| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
6777320335 am: a474af3a08 am: 8bec536bf2 am: 34ccbd80ea am: 956426bee5
am: 6a6944d1f4
Change-Id: Ib01cab89347d96c44478e51a27ef2cf17e1e7b2d
|
| | | |\|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
6777320335 am: a474af3a08
am: 8bec536bf2
Change-Id: I81ea34a6f1cdaa438af6397651d7374628d44eff
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565.
Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When a download is deleted, we may not have an active thread, so
always send the broadcast from the provider. If an active thread
encounters a deleted download, skip sending the broadcast twice.
Change-Id: If8d5b99a1b7232bb64c6d11f22fdb4f5d6dbbfec
Test: none
Bug: 30883889
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Otherwise we end up leaving stale notifications around after the
underlying download was deleted.
Change-Id: Ie262a9dd369034de6c06be28b0eedc4231ea2e75
Test: none
Bug: 30697605
|
|\| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232 am: 567e549614 am: 14ae5650e4 am: 80ab64c562 am: 77b7d90939
am: 7bd19160b1
Change-Id: I5f041155cf85feb81db55f2b23868754f270ac4d
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232 am: 567e549614
am: 14ae5650e4
Change-Id: I3688aa1ad8e48901b321823f03636bbd55d76780
|
| | |\| |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
b3ce7976f2 am: 860239d87e am: 616f47abce am: a9ea617232
am: 567e549614
Change-Id: I47ae3c7cfa1e3f6239d95697cf641c8d498a4e60
|
| | | |\|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
b3ce7976f2
am: 860239d87e
Change-Id: Ic62206ad61c81da00eb57679211c140ce7053032
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I40ed6d2298e4b66b4f7a055e68d9820515adf351
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| | |\ \ \
| | | | | |
| | | | | |
| | | | | | |
mnc-dr1.5-dev
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I03b06b746fde5d08d6b61a7011bdace0b4e9fa77
|
|\| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
am: 7dda783c24
Change-Id: I26c1c681d83ad21b2dc79586ab7768abf18dc577
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When deleting a file from DownloadManager, we also reach over and
clean up any scanned MediaStore entries. However, DownloadManager
clients may not hold the WRITE_EXTERNAL_STORAGE permission, such as
when they downloaded a file into their package-specific directories.
The safest fix for now is to clear the calling identity and always
clean up the MediaStore entries ourselves, since DownloadProvider
always holds the required storage permission.
Bug: 29777504
Change-Id: Iea8f5696410010807b118bb56e5b897c53f0e1fe
|
|/ / / / /
| | | | |
| | | | |
| | | | |
| | | | | |
Bug: 26524617
Change-Id: Ide23c822b97ccab29a341184f14698dc942e8e14
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The recent JobScheduler rewrite means we no longer spin up a service
when insterting an already-completed download. However, the calling
app may have requested the download to be scanned, so kick off a
scan request for them.
Bug: 28659693
Change-Id: I497e10995ba04f1522fe8d7e547ebea6e305f6e9
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
JobScheduler is in a much better position to coordinate tasks across
the platform to optimize battery and RAM usage. This change removes
a bunch of manual scheduling logic by representing each download as
a separate job with relevant scheduling constraints. Requested
network types, retry backoff timing, and newly added charging and
idle constraints are plumbed through as job parameters.
When a job times out, we halt the download and schedule it to resume
later. The majority of downloads should have ETag values to enable
resuming like this.
Remove local wakelocks, since the platform now acquires and blames
our jobs on the requesting app.
When an active download is pushing updates to the database, check for
both paused and cancelled state to quickly halt an ongoing download.
Shift DownloadNotifier to update directly based on a Cursor, since we
no longer have the overhead of fully-parsed DownloadInfo objects.
Unify a handful of worker threads into a single shared thread.
Remove legacy "large download" activity that was thrown in the face
of the user; the UX best-practice is to go through notification, and
update that dialog to let the user override and continue if under
the hard limit.
Bug: 28098882, 26571724
Change-Id: I33ebe59b3c2ea9c89ec526f70b1950c734abc4a7
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5e1a2343d631109c21a4c5b2d8d00b2946756680
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
This reverts commit 366af2ee1f841615d44ab770b537112d769eed05.
Change-Id: Id1155425ebcae23be8ce3916f19dda82eee992c4
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| |
| |
| |
| |
| | |
Bug: 22718722
Change-Id: I9c054956c3b3655332475607d6919dc34515e550
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Normally apps must hold the WRITE_EXTERNAL_STORAGE permission in
order to use DownloadManager. However, now that the platform has
relaxed permissions on package-specific directories, we relax the
DownloadManager check in a similar way. This also opens up using
DownloadManager to save files on secondary external storage devices.
Fix bug so that we now check the relevant volume state when thinking
about resuming a download.
Bug: 22135060
Change-Id: If439340ea48789ea167f49709b5b69a4f0883150
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The onCreate() method [where we initialize the handler] runs on the
main thread. This means the ParcelFileDescriptor also runs tasks
involving disk access on the main thread. We need to create a
separate thread to run the Content Provider's handler.
Bug: 19718299
Change-Id: Ia3661fafd3442ad6260f04253ba24ddf83b176b2
|
|/
|
|
|
|
|
| |
Otherwise they're orphaned until the next idle maintenance pass.
Bug: 21786983
Change-Id: I6eb2240d657366b65482bd3a0d5683e5d34a541a
|
|
|
|
|
| |
Bug: 16822344
Change-Id: Ib90e171cbb7babc7a3eea59de5cb899c79fadf94
|
|
|
|
|
|
|
|
| |
Kicks off media scanner after files are written, usually through a
DocumentsProvider.
Bug: 13557203
Change-Id: I4e29b778b4e19a217f60c1e415c4d814724752d3
|
|\
| |
| |
| |
| | |
* commit 'f04a7690b53288c98c07e0aa05214cceebea1331':
Avoid leaking cursors
|
| |
| |
| |
| |
| |
| |
| | |
Adding try/finally blocks to make sure that cursor
resources are let go
Change-Id: I596074aa9ab5752f91a26b5a03e1f39c23c64a5f
|
|\|
| |
| |
| | |
Change-Id: I59df74b902c95299ae9adda2ddddb6bad4260159
|
| |
| |
| |
| |
| |
| |
| |
| | |
It is not necessary/useful to place this directory into a separate
type from other app data files, so remove this restorecon.
Change-Id: Iabd643a515c134ab2a62e82866a3f72530f795ba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Periodically reconcile database against disk contents. This handles
the case where a user/app deletes files directly from disk without
updating the database, and the rare case where a database delete
didn't make it to deleting the underlying file.
Also cleans up any downloads belonging to a UID when removed.
Bug: 12924143
Change-Id: I4899d09df7ef71f2625491ac01ceeafa8a2013ce
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change all data transfer to occur through FileDescriptors instead of
relying on local files. This paves the way for downloading directly
to content:// Uris in the future.
Rewrite storage management logic to preflight download when size is
known. If enough space is found, immediately reserve the space with
fallocate(), advising the kernel block allocator to try giving us a
contiguous block regions to reduce fragmentation. When preflighting
on internal storage or emulated external storage, ask PackageManager
to clear private app caches to free up space.
Since we fallocate() the entire file, use the database as the source
of truth for resume locations, which requires that we fsync() before
each database update.
Store in-progress downloads in separate directories to keep the OS
from deleting out from under us. Clean up filename generation logic
to break ties in this new dual-directory case.
Clearer enforcement of successful download preconditions around
content lengths and ETags. Move all database field mutations to
clearer DownloadInfoDelta object, and write back through single
code path.
Catch and log uncaught exceptions from DownloadThread. Tests to
verify new storage behaviors. Fixed existing test to reflect correct
RFC behavior.
Bug: 5287571, 3213677, 12663412
Change-Id: I6bb905eca7c7d1a6bc88df3db28b65d70f660221
|
| |
| |
| |
| |
| | |
This reverts commit 4f9d2d04003fafb358d7c127054055b3a9732c9b, was only
wanted for debugging.
|