Switch to using PBKDF2 for the key generation for OBBs. Any previously
generated OBBs will stop being read correctly. A small pbkdf2gen program
is available to allow generation of appropriate keys with the salts.
Bug: 3059950
Change-Id: If4305c989fd692fd1150eb270dbf751e09c37295
Added a couple of micro-optimizations to avoid calling wake() unnecessarily
and reduce JNI overhead slightly.
Fixed a minor issue where we were not clearing the "next" field of Messages
returned by the MessageQueue so the Message would hold on to its successor
and potentially prevent the GC from collecting it if the message were leaked
somehow.
Change-Id: I488d29417ce0cdd7d0e447cda76ec978ef7f811c
AssetManager instances are created by zygote and passed to all its
children so that they don't have to individually open
frameworks-res.apk. This creates a problem for determining the current
file offset when using lseek() on those files, because you can't
guarantee the cross-process locking of a mutex. Luckily, Linux
implements pread() to get around this suckiness.
The problem is that only Linux implements this, so we have to keep the
old locking for use on host builds with aapt and friends. aapt doesn't
have this same problem of sharing file descriptors across forked
processes, so we can keep the local AutoMutex to protect accesses of
those files.
Change-Id: Ibe9f11499a53fe345f50fbaea438815ec0fd363e
There is apparently still a race upon reading the entry Local File
Header that can't be tracked down, so move the LFH check inside the
mutex-protected block so we can call lseek again to see where we are
when we log an error.
Also, close() can fail so use TEMP_FAILURE_RETRY on it so we don't
unwittingly leak file descriptors when Mean Mr. EINTR comes a-knocking.
Change-Id: I753abad0bd882fe28f7281c406fa76f64393ef4c
Since we switched to seeking to the LFH to verify its existence instead
of a huge mmap of the file, we have to guarantee that another seek
doesn't happen before we finish our read on the LFH.
Change-Id: If8135d9cb6f2f5cc4db734eafa4f6b5f6269c62a
Also fix a Valgrind complaint by zeroing out the entire epoll event
struct since otherwise the data field union would be partly
uninitialized (but not in a harmful way).
Change-Id: I2091ce517e87fcad7c9caf90e2c5e4854a7ca465
In the common case, there is nothing interesting happening on the native
Looper besides occasional wake ups. There is no point grabbing the
semaphore then.
Change-Id: Ib5c426d0e158dfa37891b7ff5537b6f833592fad
As part of this change, consolidated and cleaned up the Looper API so
that there are fewer distinctions between the NDK and non-NDK declarations
(no need for two callback types, etc.).
Removed the dependence on specific constants from sys/poll.h such as
POLLIN. Instead looper.h defines events like LOOPER_EVENT_INPUT for
the events that it supports. That should help make any future
under-the-hood implementation changes easier.
Fixed a couple of compiler warnings along the way.
Change-Id: I449a7ec780bf061bdd325452f823673e2b39b6ae
This change is essentially a rewrite of the main input dispatcher loop
with the target identification folded in. Since the input dispatcher now
has all of the window state, it can make better decisions about
when to ANR.
Added a .5 second deadline for processing app switch keys. This behavior
predates Gingerbread but had not previously been ported.
Fixed some timing inaccuracies in the ANR accounting that could cause
applications to ANR sooner than they should have.
Added a mechanism for tracking key and motion events that have been
dispatched to a window so that appropriate cancelation events can be
synthesized when recovering from ANR. This change helps to keep
applications in sync so they don't end up with stuck buttons upon
recovery from ANRs.
Added more comments to describe the tricky parts of PollLoop.
Change-Id: I13dffca27acb436fc383980db536abc4d8b9e6f1
This reverts commit 52b8235238fb4d8cf141020cc1ae33880929dc3f.
munmap() on a region that overlaps something else (e.g, the ZIP Central
Directory in this case) unmaps those other regions as well making the
ZipFileRO class unhappy. Revert this for now until we can have FileMap
deal with this craziness.
The ALooper API now uses an explicit "identifier" for the integer
that is returned rather than implicitly using the fd. This allows
the APIs that had the fd to be a little more sane.
Change-Id: I8507f535ad484c0bdc4a1bd016d87bb09acd7ff0
An error code is returned as -ESOMETHING, but the debug code was
printing out 0x%08x for these codes making -74 print out as 0xffffffb5
which is kind of silly.
Change-Id: I7d77fb3da2e146845949f121404f662b47288e61
Some assets are failing to read from ZIP files. This adds a bit more
debugging to figure out what's going on.
Change-Id: Id90e10546c54c85069a34478fbc28bc2523bda5d
* Add flags field in OBB footer to support overlays.
* Remove unused 'crypto' and 'filesystem' fields in obbtool (could
later be supported in the "flags" field of the OBB footer).
* Add notes to document OBB classes before shipping.
Change-Id: I386b43c32c5edef55210acb5d3322639c08010ba
Add "obbtool" host command for adding, removing, and querying Opaque
Binary Blob (OBB) information from a file.
Change-Id: Id2ac41e687ad2a500c362616d6738a8ae7e8f5c3
The LHS was ignored when using:
String8 + String8
String8 + (const char*)
Add unit tests for above.
Bug: 2898473
Change-Id: Ic8fe7be668b665c36aaaa3fc3c3ffdfff0fbba25
In the success case, the 65kB scanBuf was not freed!
Also, get rid of annoying complaints about ssize_t from printf in error
cases.
Change-Id: If154ac19bf47637f898b4ec8c8e27c9a073a7b81
On the assumption that the local min() function declaration is in
conflict with some 'min' #define floating around, rename the local
function to min_of().
Change-Id: I62aa27f213c6093cc78805de611cf4aa75f0eef2
Compressed assets larger than one megabyte are now decompressed on demand
rather than being decompressed in their entirety and held in memory. Reading
the data in order is relatively efficient, as is seeking forward in the stream.
Seeking backwards is supported, but requires reprocessing the compressed data
from the beginning, so is very inefficient.
In addition, the size limit on compressed assets has been eliminated.
Change-Id: I6e68247957e6c53e7e8ba70d12764695f1723bad
Add dumpsys integration for the native input dispatcher.
Add some InputDevice API stubs.
Add an appendFormat helper method to String8 for printf style
string formatting mainly for debugging purposes.
Use generic ArrayList<WindowState> everywhere in WindowManagerService
to eliminate unnecessary casts all over.
Change-Id: I9d1e3bd90eb7222d10620200477f11b7bfd25e44
* Move error messages around to clarify the errors.
* Add extra error check when reading a file.
* Seek to the end of a file when writing the signature so the users of
the API don't have to remember to do it.
Change-Id: I2337051b9f9fa8147c5900237deec790dcd92436
This factors out the boiler-plate code from the sample
app to a common glue code that can be used for everyone
writing this style of app: a dedicated app thread that
takes care of waiting for events and processing them.
As part of doing this, ALooper has a new facility to allow
registration of fds that cause ALooper_pollOnce() to return
the fd that has data, allowing the app to drive the loop
without callbacks. Hopefully this makes some people feel better. :)
Also do some other cleanup of the ALooper API, plus some
actual documentation.
Change-Id: Ic53bd56bdf627e3ba28a3c093faa06a92be522b8
This allows us to avoid exposing the file descriptor of
the event queue; instead, you attach an event queue to
a looper. This will also should allow native apps to be
written without the need for a separate thread, by attaching
the event queue to the main thread's looper and scheduling
their own messages there.
Change-Id: I38489282635895ae2cbfacb88599c1b1cad9b239
Added more tests.
Fixed a regression in Vector.
Fixed bugs in pointer tracking.
Fixed a starvation issue in PollLoop when setting or removing callbacks.
Fixed a couple of policy nits.
Modified the internal representation of MotionEvent to be more
efficient and more consistent.
Added code to skip/cancel virtual key processing when there are multiple
pointers down. This helps to better disambiguate virtual key presses
from stray touches (such as cheek presses).
Change-Id: I2a7d2cce0195afb9125b23378baa94fd2fc6671c
The old dispatch mechanism has been left in place and continues to
be used by default for now. To enable native input dispatch,
edit the ENABLE_NATIVE_DISPATCH constant in WindowManagerPolicy.
Includes part of the new input event NDK API. Some details TBD.
To wire up input dispatch, as the ViewRoot adds a window to the
window session it receives an InputChannel object as an output
argument. The InputChannel encapsulates the file descriptors for a
shared memory region and two pipe end-points. The ViewRoot then
provides the InputChannel to the InputQueue. Behind the
scenes, InputQueue simply attaches handlers to the native PollLoop object
that underlies the MessageQueue. This way MessageQueue doesn't need
to know anything about input dispatch per-se, it just exposes (in native
code) a PollLoop that other components can use to monitor file descriptor
state changes.
There can be zero or more targets for any given input event. Each
input target is specified by its input channel and some parameters
including flags, an X/Y coordinate offset, and the dispatch timeout.
An input target can request either synchronous dispatch (for foreground apps)
or asynchronous dispatch (fire-and-forget for wallpapers and "outside"
targets). Currently, finding the appropriate input targets for an event
requires a call back into the WindowManagerServer from native code.
In the future this will be refactored to avoid most of these callbacks
except as required to handle pending focus transitions.
End-to-end event dispatch mostly works!
To do: event injection, rate limiting, ANRs, testing, optimization, etc.
Change-Id: I8c36b2b9e0a2d27392040ecda0f51b636456de25
Change the way zip archives are handled. This is necessary to deal with
very large (~1GB) APK files, for which our current approach of mapping
the entire file falls over.
We now do the classic scavenger hunt for the End Of Central Directory
magic on a buffer of data read from the file, instead of a memory-mapped
section. We use what we find to create a map that covers the Central
Directory only.
If the caller is interested in unpacking the file contents, we have to
do an additional file read to discover the size of the Local File Header
section so we can skip past it.
This is based on Change I745fb15abb in the dalvik tree. Both
implementations share a common ancestry, but the cost of unifying them
outweighs the benefits of wrapping C calls.
Change-Id: Iddacb50fe913917c2845708a530872d65fdbe620
Merge commit 'ca48c88c3d5733c4405a2fc4f7d9bb7fbba3d43f' into kraken
* commit 'ca48c88c3d5733c4405a2fc4f7d9bb7fbba3d43f':
Make static versions of libutils and libbinder.
Fix some small static-initialization-order issues (and a static-
initializers-missing issue) that result from doing so. The static
libraries don't actually get used for anything real at the moment --
they're used for perf tests of bug 2660235.
Bug: 2660235
Change-Id: Iee2f38f79cc93b395e8d0a5a144ed92461f5ada0
Not complete, only for experimentation at this point.
This includes a reworking of how screen size configurations are matched,
so that if you are on a larger screen we can select configurations for
smaller screens if there aren't any exactly matching the current screen.
The screen size at which we switch to xlarge has been arbitrarily
chosen; the compatibility behavior has not yet been defined.
Change-Id: I1a33b3818eeb51a68fb72397568c39ab040a07f5
[Sorted|Keyed]Vector<TYPE> would leak their whole storage when resized
from the end and TYPE had trivial dtor and copy operators.
Change-Id: I8555bb1aa0863df72de27d67ae50e20706e90cf5
Vector::sort() is using _do_copy() incorrectly; _do_copy() calls the
copy constructor, not the assignment operator, so we need to destroy
the "destination" before copying the item.
Change-Id: Iaeeac808fa5341a7d219edeba4aa63d44f31473c
This loosens our restriction on many manifest attributes requiring
literal string values, to allow various ones to use values from
resources. This is only allowed if the resource value does not change
from configuration changes, and the restriction is still in place
for attributes that are core to security (requesting permissions) or
market operation (used libraries and features etc).
Change-Id: I4da02f6a5196cb6a7dbcff9ac25403904c42c2c8