Add manifest flag to clear user data at restore

Currently there are 2 functionalities guarded by the same flag
(FLAG_ALLOW_CLEAR_USER_DATA):

1. Allowing users to clear the app's data from settings
2. Allowing the system to clear the app's data if a restore operation
fails.

The purpose of this CL is to introduce a new flag
(FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE) for (2)

Bug: 120267643
Test: N/A
Change-Id: I4ee315e311049c55ed26e7cf121f7e0c59eabd55
diff --git a/api/system-current.txt b/api/system-current.txt
index c9b8c38..8a43ba5 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -205,6 +205,7 @@
   }
 
   public static final class R.attr {
+    field public static final int allowClearUserDataOnFailedRestore = 16844198; // 0x10105a6
     field public static final int inheritShowWhenLocked = 16844194; // 0x10105a2
     field public static final int isVrOnly = 16844152; // 0x1010578
     field public static final int requiredSystemPropertyName = 16844133; // 0x1010565
diff --git a/core/java/android/content/pm/ApplicationInfo.java b/core/java/android/content/pm/ApplicationInfo.java
index b27c5dc..6c6fcb2 100644
--- a/core/java/android/content/pm/ApplicationInfo.java
+++ b/core/java/android/content/pm/ApplicationInfo.java
@@ -650,6 +650,18 @@
      */
     public static final int PRIVATE_FLAG_USE_EMBEDDED_DEX = 1 << 25;
 
+    /**
+     * Value for {@link #privateFlags}: indicates whether this application's data will be cleared
+     * on a failed restore.
+     *
+     * <p>Comes from the
+     * android.R.styleable#AndroidManifestApplication_allowClearUserDataOnFailedRestore attribute
+     * of the &lt;application&gt; tag.
+     *
+     * @hide
+     */
+    public static final int PRIVATE_FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE = 1 << 26;
+
     /** @hide */
     @IntDef(flag = true, prefix = { "PRIVATE_FLAG_" }, value = {
             PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE,
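Review bot: The Javadoc on `PRIVATE_FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE` does not say what a set bit means or that the bit is set by default, although the PackageParser hunk in this commit sets it unless the manifest attribute is false. A clearer opening would be `Value for {@link #privateFlags}: when set, the system may clear this application's data if a restore operation fails. Set unless the manifest attribute is {@code false}.` It would also help to repeat here that the attribute is documented as usable only by system apps, so code reading the flag knows how far to trust a cleared bit on other packages. The surrounding class body lies outside the hunk.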
@@ -676,6 +688,7 @@
             PRIVATE_FLAG_VENDOR,
             PRIVATE_FLAG_VIRTUAL_PRELOAD,
             PRIVATE_FLAG_HAS_FRAGILE_USER_DATA,
+            PRIVATE_FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE
     })
     @Retention(RetentionPolicy.SOURCE)
     public @interface ApplicationInfoPrivateFlags {}
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index 96b6eb52..0abd5ea 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -3747,6 +3747,13 @@
             ai.privateFlags |= PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION;
         }
 
+        if (sa.getBoolean(
+                com.android.internal.R.styleable
+                        .AndroidManifestApplication_allowClearUserDataOnFailedRestore,
+                true)) {
+            ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE;
+        }
+
         ai.maxAspectRatio = sa.getFloat(R.styleable.AndroidManifestApplication_maxAspectRatio, 0);
         ai.minAspectRatio = sa.getFloat(R.styleable.AndroidManifestApplication_minAspectRatio, 0);
 
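Review bot: Nothing in this block limits the opt-out to system apps: the result of `sa.getBoolean(..., true)` is applied to `ai.privateFlags` for whatever package is being parsed, while the attribute's documentation in attrs_manifest.xml says it is usable only by system apps. If the restriction is not enforced by the code that later reads the flag (not part of this diff), any package could declare the attribute as false and keep partially restored data after a failed restore. Either gate the parse on the package being a system app or state the contract at this spot, e.g. `// Only honoured for system apps; readers must also check ApplicationInfo.isSystemApp().` The enclosing method starts and ends outside the hunk, so an existing guard further up cannot be ruled out. As a smaller point, the block spells out `com.android.internal.R.styleable` where the following lines use `R.styleable`.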
diff --git a/core/res/res/values/attrs_manifest.xml b/core/res/res/values/attrs_manifest.xml
index 53cae63..1053184 100644
--- a/core/res/res/values/attrs_manifest.xml
+++ b/core/res/res/values/attrs_manifest.xml
@@ -118,7 +118,7 @@
     <attr name="manageSpaceActivity" format="string" />
 
     <!-- Option to let applications specify that user data can/cannot be
-         cleared. This flag is turned on by default.
+         cleared by the user in Settings. This flag is turned on by default.
          <em>This attribute is usable only by applications
          included in the system image. Third-party apps cannot use it.</em> -->
     <attr name="allowClearUserData" format="boolean" />
@@ -1661,7 +1661,12 @@
         <!-- If {@code true} the user is prompted to keep the app's data on uninstall -->
         <attr name="hasFragileUserData" />
 
-	<attr name="zygotePreloadName" />
+        <attr name="zygotePreloadName" />
+
+        <!-- If {@code true} the system will clear app's data if a restore operation fails.
+             This flag is turned on by default. <em>This attribute is usable only by system apps.
+             </em> -->
+        <attr name="allowClearUserDataOnFailedRestore"/>
     </declare-styleable>
     <!-- The <code>permission</code> tag declares a security permission that can be
          used to control access from other packages to specific components or
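Review bot: The new `<attr name="allowClearUserDataOnFailedRestore"/>` entry in the styleable has no matching top-level declaration with a format anywhere in this diff, unlike `allowClearUserData`, which appears as `<attr name="allowClearUserData" format="boolean" />` in the first hunk's context. Unless it is declared elsewhere in the file, the attribute would appear to be left without a declared type, even though PackageParser reads it with `getBoolean`. Consider adding `<attr name="allowClearUserDataOnFailedRestore" format="boolean" />` next to the `allowClearUserData` declaration and keeping the description there. The tab-to-spaces change on `zygotePreloadName` is unrelated to the flag and could go in a separate cleanup.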
diff --git a/core/res/res/values/public.xml b/core/res/res/values/public.xml
index d2c3b40..5e65605 100644
--- a/core/res/res/values/public.xml
+++ b/core/res/res/values/public.xml
@@ -2939,6 +2939,8 @@
         <public name="zygotePreloadName" />
         <public name="useEmbeddedDex" />
         <public name="forceUriPermissions" />
+        <!-- @hide @SystemApi -->
+        <public name="allowClearUserDataOnFailedRestore"/>
     </public-group>
 
     <public-group type="drawable" first-id="0x010800b4">