Merge: Introduce UpdateLocks

An "UpdateLock" works similarly to a wake lock in API: the caller is
providing a hint to the OS that now is not a good time to interrupt
the user/device in order to do intrusive work like applying OTAs.
This is particularly important for headless or kiosk-like products
where ordinarily the update process will be automatically scheduled
and proceed without user or administrator intervention.

UpdateLocks require that the caller hold the new signatureOrSystem
permission android.permission.UPDATE_LOCK.  acquire() and release()
will throw security exceptions if this is not the case.

The "is now convenient?" state is expressed to interested parties
by way of a sticky broadcast sent only to registered listeners.  The
broadcast is protected; only the system can send it, so listeners
can trust it to be accurate.  The broadcast intent also includes a
timestamp (System.currentTimeMillis()) to help inform listeners that
wish to implement scheduling policies based on when the device became
idle.

The API change here is a tiny one: a dump(PrintWriter) method has been
added to the TokenWatcher class to facilitate getting information out
of it for dumpsys purposes.  UpdateLock itself is still @hide.

Bug 5543442

Change-Id: I3709c831fc1883d7cb753cd2d3ee8e10a61e7e48

1 files changed, 125 insertions, 0 deletions

diff --git a/services/java/com/android/server/UpdateLockService.java b/services/java/com/android/server/UpdateLockService.java
new file mode 100644
index 000000000000..5df19281f258
--- /dev/null
+++ b/services/java/com/android/server/UpdateLockService.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.os.Binder;
+import android.os.Handler;
+import android.os.IBinder;
+import android.os.IUpdateLock;
+import android.os.RemoteException;
+import android.os.SystemClock;
+import android.os.TokenWatcher;
+import android.os.UpdateLock;
+import android.util.Slog;
+
+import java.io.FileDescriptor;
+import java.io.PrintWriter;
+
+public class UpdateLockService extends IUpdateLock.Stub {
+    static final boolean DEBUG = false;
+    static final String TAG = "UpdateLockService";
+
+    // signatureOrSystem required to use update locks
+    static final String PERMISSION = "android.permission.UPDATE_LOCK";
+
+    Context mContext;
+    LockWatcher mLocks;
+
+    class LockWatcher extends TokenWatcher {
+        LockWatcher(Handler h, String tag) {
+            super(h, tag);
+        }
+
+        public void acquired() {
+            if (DEBUG) {
+                Slog.d(TAG, "first acquire; broadcasting convenient=false");
+            }
+            sendLockChangedBroadcast(false);
+        }
+        public void released() {
+            if (DEBUG) {
+                Slog.d(TAG, "last release; broadcasting convenient=true");
+            }
+            sendLockChangedBroadcast(true);
+        }
+    }
+
+    UpdateLockService(Context context) {
+        mContext = context;
+        mLocks = new LockWatcher(new Handler(), "UpdateLocks");
+
+        // Consider just-booting to be a reasonable time to allow
+        // interruptions for update installation etc.
+        sendLockChangedBroadcast(true);
+    }
+
+    void sendLockChangedBroadcast(boolean state) {
+        // Safe early during boot because this broadcast only goes to registered receivers.
+        long oldIdent = Binder.clearCallingIdentity();
+        try {
+            Intent intent = new Intent(UpdateLock.UPDATE_LOCK_CHANGED)
+                    .putExtra(UpdateLock.NOW_IS_CONVENIENT, state)
+                    .putExtra(UpdateLock.TIMESTAMP, System.currentTimeMillis())
+                    .addFlags(Intent.FLAG_RECEIVER_REGISTERED_ONLY);
+            mContext.sendStickyBroadcast(intent);
+        } finally {
+            Binder.restoreCallingIdentity(oldIdent);
+        }
+    }
+
+    @Override
+    public void acquireUpdateLock(IBinder token, String tag) throws RemoteException {
+        if (DEBUG) {
+            Slog.d(TAG, "acquire(" + token + ") by " + makeTag(tag));
+        }
+
+        mContext.enforceCallingOrSelfPermission(PERMISSION, "acquireUpdateLock");
+        mLocks.acquire(token, makeTag(tag));
+    }
+
+    @Override
+    public void releaseUpdateLock(IBinder token) throws RemoteException {
+        if (DEBUG) {
+            Slog.d(TAG, "release(" + token + ')');
+        }
+
+        mContext.enforceCallingOrSelfPermission(PERMISSION, "releaseUpdateLock");
+        mLocks.release(token);
+    };
+
+    private String makeTag(String tag) {
+        return "{tag=" + tag
+                + " uid=" + Binder.getCallingUid()
+                + " pid=" + Binder.getCallingPid() + '}';
+    }
+
+    @Override
+    public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
+        if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
+                != PackageManager.PERMISSION_GRANTED) {
+            pw.println("Permission Denial: can't dump update lock service from from pid="
+                    + Binder.getCallingPid()
+                    + ", uid=" + Binder.getCallingUid());
+            return;
+        }
+
+        mLocks.dump(pw);
+    }
+}