Merge "Trim unwanted whitespace from translations. DO NOT MERGE" into gingerbread
diff --git a/core/res/res/drawable-hdpi/status_bar_item_app_background_normal.9.png b/core/res/res/drawable-hdpi/status_bar_item_app_background_normal.9.png
index bdcb378..4fbfa4f 100644
--- a/core/res/res/drawable-hdpi/status_bar_item_app_background_normal.9.png
+++ b/core/res/res/drawable-hdpi/status_bar_item_app_background_normal.9.png
Binary files differ
diff --git a/core/res/res/drawable-hdpi/status_bar_item_background_focus.9.png b/core/res/res/drawable-hdpi/status_bar_item_background_focus.9.png
index 0876bc6..b07c7bc 100644
--- a/core/res/res/drawable-hdpi/status_bar_item_background_focus.9.png
+++ b/core/res/res/drawable-hdpi/status_bar_item_background_focus.9.png
Binary files differ
diff --git a/core/res/res/drawable-hdpi/status_bar_item_background_normal.9.png b/core/res/res/drawable-hdpi/status_bar_item_background_normal.9.png
index fa27ee4..de2f3c3 100644
--- a/core/res/res/drawable-hdpi/status_bar_item_background_normal.9.png
+++ b/core/res/res/drawable-hdpi/status_bar_item_background_normal.9.png
Binary files differ
diff --git a/core/res/res/drawable-hdpi/status_bar_item_background_pressed.9.png b/core/res/res/drawable-hdpi/status_bar_item_background_pressed.9.png
index 343e4ca..b5eab83 100644
--- a/core/res/res/drawable-hdpi/status_bar_item_background_pressed.9.png
+++ b/core/res/res/drawable-hdpi/status_bar_item_background_pressed.9.png
Binary files differ
diff --git a/docs/html/guide/topics/security/security.jd b/docs/html/guide/topics/security/security.jd
index dbc9866..de0c6e5 100644
--- a/docs/html/guide/topics/security/security.jd
+++ b/docs/html/guide/topics/security/security.jd
@@ -21,14 +21,15 @@
</div>
</div>
-<p>Android is a multi-process system, in which each application (and parts of the
-system) runs in its own process. Most security between applications and
-the system is enforced at the process level through standard Linux facilities,
-such as user and group IDs that are assigned to applications.
-Additional finer-grained security features are provided
-through a "permission" mechanism that enforces restrictions on the specific
-operations that a particular process can perform, and per-URI permissions
-for granting ad-hoc access to specific pieces of data.</p>
+<p>Android is a privilege-separated operating system, in which each
+application runs with a distinct system identity (Linux user ID and group
+ID). Parts of the system are also separated into distinct identities.
+Linux thereby isolates applications from each other and from the system.</p>
+
+<p>Additional finer-grained security features are provided through a
+"permission" mechanism that enforces restrictions on the specific operations
+that a particular process can perform, and per-URI permissions for granting
+ad-hoc access to specific pieces of data.</p>
<a name="arch"></a>
<h2>Security Architecture</h2>
@@ -38,39 +39,46 @@
adversely impact other applications, the operating system, or the user. This
includes reading or writing the user's private data (such as contacts or
e-mails), reading or writing another application's files, performing
-network access, keeping the device awake, etc.<p>
+network access, keeping the device awake, etc.</p>
-<p>An application's process runs in a security sandbox. The sandbox is designed
-to prevent applications from disrupting each other, except by explicitly
-declaring the <em>permissions</em> they need for additional capabilities not
-provided by the basic sandbox. The system handles requests for permissions
-in various ways, typically by automatically allowing or disallowing based on
-certificates or by prompting the user. The permissions required by an
-application are declared statically in that application, so they can be known
-up-front at install time and will not change after that.</p>
+<p>Because the kernel sandboxes applications from each other, applications
+must explicitly share resources and data. They do this by declaring the
+<em>permissions</em> they need for additional capabilities not provided by
+the basic sandbox. Applications statically declare the permissions they
+require, and the Android system prompts the user for consent at the time the
+application is installed. Android has no mechanism for granting permissions
+dynamically (at run-time) because it complicates the user experience to the
+detriment of security.</p>
+
+<p>The kernel is solely responsible for sandboxing applications from each
+other. In particular the Dalvik VM is not a security boundary, and any app
+can run native code (see <a href="/sdk/ndk/index.html">the Android NDK</a>).
+All types of applications — Java, native, and hybrid — are
+sandboxed in the same way and have the same degree of security from each
+other.</p>
<a name="signing"></a>
<h2>Application Signing</h2>
-<p>All Android applications (.apk files) must be signed with a certificate whose
-private key is held by their developer. This certificate identifies the author
-of the application. The certificate does <em>not</em> need to be signed by
-a certificate authority: it is perfectly allowable, and typical, for Android
-applications to use self-signed certificates. The certificate is used only
-to establish trust relationships between applications, not for wholesale
-control over whether an application can be installed. The most significant
-ways that signatures impact security is by determining who can access
-signature-based permissions and who can share user IDs.</p>
-
+<p>All Android applications (.apk files) must be signed with a certificate
+whose private key is held by their developer. This certificate identifies
+the author of the application. The certificate does <em>not</em> need to be
+signed by a certificate authority: it is perfectly allowable, and typical,
+for Android applications to use self-signed certificates. The purpose of
+certificates in Android is to distinguish application authors. This allows
+the system to grant or deny applications access to <a
+href="/guide/topics/manifest/permission-element.html#plevel">signature-level
+permissions</a> and to grant or deny an application's <a
+href="/guide/topics/manifest/manifest-element.html#uid">request to be given
+the same Linux identity</a> as another application.</p>
<a name="userid"></a>
<h2>User IDs and File Access</h2>
-<p>Each Android package (.apk) file installed on the device is given its
-own unique Linux user ID, creating a sandbox for it and preventing it from touching
-other applications (or other applications from touching it). This user ID is
-assigned to it when the application is installed on the device, and
-remains constant for the duration of its life on that device.</p>
+<p>At install time, Android gives each package a distinct Linux user ID. The
+identity remains constant for the duration of the package's life on that
+device. On a different device, the same package may have a different UID;
+what matters is that each package has a distinct UID on a given device.</p>
<p>Because security enforcement happens at the
process level, the code of any two packages can not normally
@@ -150,7 +158,7 @@
<li>Both sending and receiving broadcasts, to control who can receive
your broadcast or who can send a broadcast to you.</li>
<li>When accessing and operating on a content provider.</li>
-<li>Binding or starting a service.</li>
+<li>Binding to or starting a service.</li>
</ul>
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
index ea2c5d4..58209fd 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -319,6 +319,7 @@
// Callback is disabled by default
mPreviewCallbackFlag = FRAME_CALLBACK_FLAG_NOOP;
mOrientation = 0;
+ mOrientationChanged = false;
cameraService->setCameraBusy(cameraId);
cameraService->loadSound();
LOG1("Client::Client X (pid %d)", callingPid);
@@ -496,6 +497,7 @@
// Force the destruction of any previous overlay
sp<Overlay> dummy;
mHardware->setOverlay(dummy);
+ mOverlayRef = 0;
} else {
mSurface->unregisterBuffers();
}
@@ -539,11 +541,12 @@
CameraParameters params(mHardware->getParameters());
params.getPreviewSize(&w, &h);
- if (w != mOverlayW || h != mOverlayH) {
+ if (w != mOverlayW || h != mOverlayH || mOrientationChanged) {
// Force the destruction of any previous overlay
sp<Overlay> dummy;
mHardware->setOverlay(dummy);
mOverlayRef = 0;
+ mOrientationChanged = false;
}
status_t result = NO_ERROR;
@@ -810,6 +813,7 @@
status_t CameraService::Client::sendCommand(int32_t cmd, int32_t arg1, int32_t arg2) {
LOG1("sendCommand (pid %d)", getCallingPid());
+ int orientation;
Mutex::Autolock lock(mLock);
status_t result = checkPidAndHardware();
if (result != NO_ERROR) return result;
@@ -821,20 +825,24 @@
}
switch (arg1) {
case 0:
- mOrientation = ISurface::BufferHeap::ROT_0;
+ orientation = ISurface::BufferHeap::ROT_0;
break;
case 90:
- mOrientation = ISurface::BufferHeap::ROT_90;
+ orientation = ISurface::BufferHeap::ROT_90;
break;
case 180:
- mOrientation = ISurface::BufferHeap::ROT_180;
+ orientation = ISurface::BufferHeap::ROT_180;
break;
case 270:
- mOrientation = ISurface::BufferHeap::ROT_270;
+ orientation = ISurface::BufferHeap::ROT_270;
break;
default:
return BAD_VALUE;
}
+ if (mOrientation != orientation) {
+ mOrientation = orientation;
+ if (mOverlayRef != 0) mOrientationChanged = true;
+ }
return OK;
}
diff --git a/services/camera/libcameraservice/CameraService.h b/services/camera/libcameraservice/CameraService.h
index 0d69836..8f0ed75 100644
--- a/services/camera/libcameraservice/CameraService.h
+++ b/services/camera/libcameraservice/CameraService.h
@@ -164,7 +164,9 @@
int mOverlayW;
int mOverlayH;
int mPreviewCallbackFlag;
- int mOrientation;
+ int mOrientation; // Current display orientation
+ // True if display orientation has been changed. This is only used in overlay.
+ int mOrientationChanged;
// Ensures atomicity among the public methods
mutable Mutex mLock;
