| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| | |
51033d49f6
am: 9bbd21ff0c
Change-Id: I5f09670f0629addb5fa847799184716020234f35
|
| |\
| | |
| | |
| | |
| | |
| | | |
am: 51033d49f6
Change-Id: Ic319b5f1f9351a83a2fde49aedc99f996fda8ef5
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 7c1af8c62c
Change-Id: Id435bda5c939ab48c3e1fb69f13292a4740828d4
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
However, this means that we can no longer return the "my_downloads"
paths: if those Uris were shared beyond the app that requested the
download, access would be denied. Instead, we need to switch to
using "all_downloads" Uris so that permission grants can be issued
to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, we issue narrow grants toward the owner of
each download, both at device boot and when new downloads are
started.
Bug: 30537115, 30945409
Change-Id: If944aada020878a91c363963728d0da9f6fae3ea
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
6777320335 am: a474af3a08
am: 8bec536bf2
Change-Id: I81ea34a6f1cdaa438af6397651d7374628d44eff
|
| |\| |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: a474af3a08
Change-Id: I133dc7915c5dfd0e2d70ece76c008c7b282f0bcb
|
| | |\|
| | | |
| | | |
| | | |
| | | |
| | | | |
am: b440ceb00f
Change-Id: If9feec471d71fbfa05a4cf9a8633142c724b6da3
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 8be3a92eb0b4105a9ed748be5a937ce79145f565.
Change-Id: I10401d57239b868f8e3514f81a0e20486838e29c
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
b3ce7976f2
am: 860239d87e
Change-Id: Ic62206ad61c81da00eb57679211c140ce7053032
|
| |\| |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: b3ce7976f2
Change-Id: I539882f08289cabaaf49326fb7973d98d0323de2
|
| | |\|
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 8be3a92eb0
Change-Id: I0b339abd106680e44a7e900e3eae514cf0f630c1
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When opening a downloaded file, enforce that the caller can actually
see the requested download before clearing their identity to read
internal columns.
Bug: 30537115
Change-Id: I01bbad7997e5e908bfb19f5d576860a24f59f295
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| |\| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 0e710ca30d
* commit '0e710ca30d0b04843b3d2e83755e35fe092cfd4a':
Use resolved path for both checking and opening.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I40ed6d2298e4b66b4f7a055e68d9820515adf351
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This avoids a race condition where someone can change a symlink
target after the security checks have passed.
Bug: 26211054
Change-Id: I5842aaecc7b7d417a3b1902957b59b8a1f3c1ccb
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Follow method refactoring so we only consider writable locations.
Bug: 22787184
Change-Id: Ib8b037216d23ab474d7e0df427671d174eaf030a
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Bug: 22718722
Change-Id: I9c054956c3b3655332475607d6919dc34515e550
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Normally apps must hold the WRITE_EXTERNAL_STORAGE permission in
order to use DownloadManager. However, now that the platform has
relaxed permissions on package-specific directories, we relax the
DownloadManager check in a similar way. This also opens up using
DownloadManager to save files on secondary external storage devices.
Fix bug so that we now check the relevant volume state when thinking
about resuming a download.
Bug: 22135060
Change-Id: If439340ea48789ea167f49709b5b69a4f0883150
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The onCreate() method [where we initialize the handler] runs on the
main thread. This means the ParcelFileDescriptor also runs tasks
involving disk access on the main thread. We need to create a
separate thread to run the Content Provider's handler.
Bug: 19718299
Change-Id: Ia3661fafd3442ad6260f04253ba24ddf83b176b2
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Otherwise they're orphaned until the next idle maintenance pass.
Bug: 21786983
Change-Id: I6eb2240d657366b65482bd3a0d5683e5d34a541a
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
JobScheduler.getAllPendingJobs() can return null when there are none.
Deal with it.
Bug 21642868
Change-Id: I11fcc6e146f9db51e03dcf57f7518bb7878fbd28
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use the newly factored FileUtils sanitize the requested display names to
be valid FAT filenames, and also allow any extension that maps to the
requested MIME type.
BUG=20157955
Change-Id: Ic37863a3362a941d81632bd4a7562dae40053652
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes the Provider-side of the DownloadManager framework honor
the per-UID cleartext network traffic policy. The policy is enforced
in the Provider rather than in its client (DownloadManager) because
download URLs could get redirected between HTTPS and HTTP and only
the Provider currently has visibility into and control over this.
Whether cleartext network traffic is permitted is a per-package
policy. However, the DownloadProvider can only access the UID of the
requesting application. Multiple packages can run under the same UID.
In that scenario, cleartext traffic is permited for the UID if
cleartext traffic is permitted for any of the packages running under
the UID. This could be improved by making the DownloadManager provide
the package name in addition to the UID.
Bug: 19215516
Change-Id: Ib37585a7a2fc2869954d52a1b08052926f49bc9b
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. Launch chrome and open www.baidu.com -> Choose "software"
in the site navigation -> Tap "games" option, choose one apk
to download -> During downloading, power off the phone -> Power
on the phone and check, it can't continue to download apk.
The fix is to add one condition for retrying to download when
IO exception happens (i.e. Failed to open for writing:
java.io.FileNotFoundException).
Bug 18834618
Review: https://partner-android-review.git.corp.google.com/#/c/193436
Signed-off-by: Benson Huang <benson.huang@mediatek.com>
Change-Id: I2f975ff7ffedfc4136fb250dcb5ef8fdca4a367d
|
| |
| |
| |
| |
| | |
Bug: 18512473
Change-Id: I686c7c3487f789dc0437513fbc6fed54dc62721f
|
| |
| |
| |
| |
| |
| |
| |
| | |
Now that we're defeating connection reuse, we have one additional
type of response where the length is known.
Bug: 18306491
Change-Id: I19657c565238f07fd89a55a5dbf1e85748f6e7c3
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Otherwise servers may continue streaming large downloads into the
kept-alive socket. This changes to always close the socket, sending
a clear signal to server.
Bug: 16153076
Change-Id: I3e7fefce4f82b5f80abaab58874cc4c4374d2bfb
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In some cases the provider may have marked a download as deleted,
but the content change notification may lag several seconds. To stop
as soon as possible, assert that we're not deleted when writing
our progress updates.
Bug: 16405936
Change-Id: I994b746056d0427c626355e0815234ff5b73198c
|
|\|
| |
| |
| |
| | |
* commit '3ee03ac36f0f849b78936cf18972fe2f24a61722':
Trim stale downloads from third-party apps.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Buggy third-party apps can enqueue lots of downloads and then
forget to remove them, causing DownloadManager to stop functioning.
This change removes any downloads that match _all_ of the following
conditions:
1. Download status is in a terminal (non-pending) state, usually a
concrete success or failure.
2. Download hasn't been touched in over a week.
3. Download is not visible in UI.
Bug: 17785419
Change-Id: Id82752fd6935371c1af682205d35f7ba35169473
|
|/
|
|
|
| |
Bug: 15476051
Change-Id: I085c074f1bb66631872712cab68bcaf6ee7ba7dc
|
|
|
|
|
| |
Bug: 17128331
Change-Id: Ie2529189e4d62c7dc385f9d36c70ac412fb4159c
|
|
|
|
|
|
|
| |
Fall back just like ENOTSUP.
Bug: 17285472
Change-Id: Ice4954726c14a0e84c39c5469d573644588934ae
|
|
|
|
|
| |
Bug: 16822344
Change-Id: Ib90e171cbb7babc7a3eea59de5cb899c79fadf94
|
|
|
|
|
|
|
|
| |
Kicks off media scanner after files are written, usually through a
DocumentsProvider.
Bug: 13557203
Change-Id: I4e29b778b4e19a217f60c1e415c4d814724752d3
|
|
|
|
|
|
|
|
|
| |
...preparatory to finally removing the scratchpad "idle maintenance"
infrastructure from the product.
Bug 14993295
Change-Id: I1e84247de19e616910db1781b2c399a8b15a805c
|
|\
| |
| |
| |
| | |
* commit 'f04a7690b53288c98c07e0aa05214cceebea1331':
Avoid leaking cursors
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adding try/finally blocks to make sure that cursor
resources are let go
Change-Id: I596074aa9ab5752f91a26b5a03e1f39c23c64a5f
|
| |/
| |
| |
| | |
Change-Id: Ie2f35386e48894a9c9afb9717af90a5628dcd79b
|
| |
| |
| |
| | |
Change-Id: Ie72e18f539cbad593c489bf52b9afea5330f62c1
|
| |
| |
| |
| |
| |
| |
| | |
ErrnoException has moved to android.system; fix reference in
DownloadIdleService.
Change-Id: I8a08d3f8074d0ec5a4e8314db173139a109abb33
|
| |
| |
| |
| |
| |
| | |
(As much as possible. There are no plans to make the mocking API public.)
Change-Id: I348877b850d6d34572d5a19e67952254bc4f12ef
|
|\|
| |
| |
| | |
Change-Id: I59df74b902c95299ae9adda2ddddb6bad4260159
|
| |
| |
| |
| |
| |
| |
| |
| | |
It is not necessary/useful to place this directory into a separate
type from other app data files, so remove this restorecon.
Change-Id: Iabd643a515c134ab2a62e82866a3f72530f795ba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Periodically reconcile database against disk contents. This handles
the case where a user/app deletes files directly from disk without
updating the database, and the rare case where a database delete
didn't make it to deleting the underlying file.
Also cleans up any downloads belonging to a UID when removed.
Bug: 12924143
Change-Id: I4899d09df7ef71f2625491ac01ceeafa8a2013ce
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change all data transfer to occur through FileDescriptors instead of
relying on local files. This paves the way for downloading directly
to content:// Uris in the future.
Rewrite storage management logic to preflight download when size is
known. If enough space is found, immediately reserve the space with
fallocate(), advising the kernel block allocator to try giving us a
contiguous block regions to reduce fragmentation. When preflighting
on internal storage or emulated external storage, ask PackageManager
to clear private app caches to free up space.
Since we fallocate() the entire file, use the database as the source
of truth for resume locations, which requires that we fsync() before
each database update.
Store in-progress downloads in separate directories to keep the OS
from deleting out from under us. Clean up filename generation logic
to break ties in this new dual-directory case.
Clearer enforcement of successful download preconditions around
content lengths and ETags. Move all database field mutations to
clearer DownloadInfoDelta object, and write back through single
code path.
Catch and log uncaught exceptions from DownloadThread. Tests to
verify new storage behaviors. Fixed existing test to reflect correct
RFC behavior.
Bug: 5287571, 3213677, 12663412
Change-Id: I6bb905eca7c7d1a6bc88df3db28b65d70f660221
|
| |
| |
| |
| |
| | |
This reverts commit 4f9d2d04003fafb358d7c127054055b3a9732c9b, was only
wanted for debugging.
|