To fix issue #3611966, KeyManagerImpl's handling of TransportAddedEvent
was made asynchronous. This made it possible for a thread to call
KeyManager.endpointAdded() before the KeyManager had asynchronously
handled the TransportAddedEvent from a previous call to
DatabaseComponent.addTransport().

CryptoExecutor and DatabaseExecutor now use bounded thread pools with
unbounded queues, since running too many tasks in parallel is likely to
harm performance; IncomingConnectionExecutor, PluginExecutor and
ReliabilityExecutor use unbounded thread pools with direct handoff,
since their tasks may run indefinitely. There are no longer any bounded
executors, and all executors discard tasks when shutting down, which
fixes issue #3612189.
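The two executor configurations described above, sketched with java.util.concurrent as an added example. This is not Briar's code: the class name, method names and pool size are assumptions, and DiscardPolicy is one way to get the discard-on-shutdown behaviour.

```java
import java.util.concurrent.*;

// Added illustration; class and method names are hypothetical, not Briar's.
public class ExecutorConfigs {

    // Bounded pool, unbounded queue: at most maxThreads tasks run at once and
    // the rest wait in the queue. With an unbounded queue ThreadPoolExecutor
    // never grows past corePoolSize, so core and max must be equal.
    static ThreadPoolExecutor boundedPool(int maxThreads) {
        ThreadPoolExecutor e = new ThreadPoolExecutor(maxThreads, maxThreads,
                60, TimeUnit.SECONDS, new LinkedBlockingQueue<Runnable>(),
                new ThreadPoolExecutor.DiscardPolicy());
        e.allowCoreThreadTimeOut(true); // let idle threads exit
        return e;
    }

    // Unbounded pool, direct handoff: every task gets a thread immediately,
    // so a task that blocks indefinitely cannot starve the others.
    static ThreadPoolExecutor handoffPool() {
        return new ThreadPoolExecutor(0, Integer.MAX_VALUE,
                60, TimeUnit.SECONDS, new SynchronousQueue<Runnable>(),
                new ThreadPoolExecutor.DiscardPolicy());
    }

    public static void main(String[] args) throws Exception {
        ThreadPoolExecutor crypto = boundedPool(2);
        CountDownLatch release = new CountDownLatch(1);
        for (int i = 0; i < 5; i++) {
            crypto.execute(() -> {
                try { release.await(); } catch (InterruptedException ignored) { }
            });
        }
        // Two workers are blocked on the latch; the other tasks sit in the queue.
        System.out.println("pool=" + crypto.getPoolSize()
                + " queued=" + crypto.getQueue().size());
        crypto.shutdown();
        // DiscardPolicy: a late submission is dropped silently rather than
        // throwing RejectedExecutionException into the caller at shutdown.
        crypto.execute(() -> System.out.println("never printed"));
        System.out.println("queued after shutdown=" + crypto.getQueue().size());
        release.countDown();
        crypto.awaitTermination(5, TimeUnit.SECONDS);

        ThreadPoolExecutor io = handoffPool();
        io.execute(() -> System.out.println("ran on its own thread"));
        io.shutdown();
    }
}
```

Tasks already queued before shutdown() still run; only submissions made after it are discarded.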
Responsibility for starting and stopping services has been moved from
BriarService in briar-android to LifecycleManagerImpl in briar-core.
However, BriarService is still responsible for stopping the
Android-specific executors, which is ugly. It would be better if
executors registered themselves with LifecycleManager.

Android doesn't currently store bundles persistently, so it's premature
to protect against accidental information leaks through persistent
bundle storage. Protecting against deliberate information leaks by the
OS is probably futile, so there's currently no need for bundle
encryption.

Only the ARM binary is included at present. Better control of the Tor
process is needed - it's possible for it to be left running when Briar
exits, and if the cookie file is deleted it's no longer possible to stop
the process.

This depends on the (unspecified) order in which new secrets are stored.
For example, if the secrets for periods 0 - 2 are loaded in period 3,
the secrets for periods 3 and 4 will be stored; the secrets for periods
0 and 1 may expire separately if the secret for period 3 is stored
before the secret for period 4, or together if the secret for period 4
is stored before the secret for period 3.

This bug was causing crashes at shutdown when the connection recogniser
tried to derive tags from secrets that had been erased by the key
manager - the derived tags were not present in the recogniser's maps.