Merge "Use shared app gid for forward-locked processes" into jb-mr1-dev
This commit is contained in:
Kenny Root
@@ -151,11 +151,25 @@ public class Process {
|
||||
*/
|
||||
public static final int LAST_ISOLATED_UID = 99999;
|
||||
|
||||
/**
|
||||
* First gid for applications to share resources. Used when forward-locking
|
||||
* is enabled but all UserHandles need to be able to read the resources.
|
||||
* @hide
|
||||
*/
|
||||
public static final int FIRST_SHARED_APPLICATION_GID = 50000;
|
||||
|
||||
/**
|
||||
* Last gid for applications to share resources. Used when forward-locking
|
||||
* is enabled but all UserHandles need to be able to read the resources.
|
||||
* @hide
|
||||
*/
|
||||
public static final int LAST_SHARED_APPLICATION_GID = 59999;
|
||||
|
||||
/**
|
||||
* Defines a secondary group id for access to the bluetooth hardware.
|
||||
*/
|
||||
public static final int BLUETOOTH_GID = 2000;
|
||||
|
||||
|
||||
/**
|
||||
* Standard priority of application threads.
|
||||
* Use with {@link #setThreadPriority(int)} and
|
||||
|
||||
@@ -138,6 +138,15 @@ public final class UserHandle implements Parcelable {
|
||||
return uid % PER_USER_RANGE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the shared app gid for a given uid or appId.
|
||||
* @hide
|
||||
*/
|
||||
public static final int getSharedAppGid(int id) {
|
||||
return Process.FIRST_SHARED_APPLICATION_GID + (id % PER_USER_RANGE)
|
||||
- Process.FIRST_APPLICATION_UID;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the user id of the current process
|
||||
* @return user id of the current process
|
||||
|
||||
@@ -2008,9 +2008,10 @@ public final class ActivityManagerService extends ActivityManagerNative
|
||||
int[] gids = null;
|
||||
int mountExternal = Zygote.MOUNT_EXTERNAL_NONE;
|
||||
if (!app.isolated) {
|
||||
int[] permGids = null;
|
||||
try {
|
||||
final PackageManager pm = mContext.getPackageManager();
|
||||
gids = pm.getPackageGids(app.info.packageName);
|
||||
permGids = pm.getPackageGids(app.info.packageName);
|
||||
|
||||
if (Environment.isExternalStorageEmulated()) {
|
||||
if (pm.checkPermission(
|
||||
@@ -2024,6 +2025,18 @@ public final class ActivityManagerService extends ActivityManagerNative
|
||||
} catch (PackageManager.NameNotFoundException e) {
|
||||
Slog.w(TAG, "Unable to retrieve gids", e);
|
||||
}
|
||||
|
||||
/*
|
||||
* Add shared application GID so applications can share some
|
||||
* resources like shared libraries
|
||||
*/
|
||||
if (permGids == null) {
|
||||
gids = new int[1];
|
||||
} else {
|
||||
gids = new int[permGids.length + 1];
|
||||
System.arraycopy(permGids, 0, gids, 1, permGids.length);
|
||||
}
|
||||
gids[0] = UserHandle.getSharedAppGid(UserHandle.getAppId(uid));
|
||||
}
|
||||
if (mFactoryTest != SystemServer.FACTORY_TEST_OFF) {
|
||||
if (mFactoryTest == SystemServer.FACTORY_TEST_LOW_LEVEL
|
||||
|
||||
@@ -7289,7 +7289,7 @@ public class PackageManagerService extends IPackageManager.Stub {
|
||||
final int groupOwner;
|
||||
final String protectedFile;
|
||||
if (isFwdLocked()) {
|
||||
groupOwner = uid;
|
||||
groupOwner = UserHandle.getSharedAppGid(uid);
|
||||
protectedFile = RES_FILE_NAME;
|
||||
} else {
|
||||
groupOwner = -1;
|
||||
@@ -7371,7 +7371,8 @@ public class PackageManagerService extends IPackageManager.Stub {
|
||||
int doPostCopy(int uid) {
|
||||
if (isFwdLocked()) {
|
||||
if (uid < Process.FIRST_APPLICATION_UID
|
||||
|| !PackageHelper.fixSdPermissions(cid, uid, RES_FILE_NAME)) {
|
||||
|| !PackageHelper.fixSdPermissions(cid, UserHandle.getSharedAppGid(uid),
|
||||
RES_FILE_NAME)) {
|
||||
Slog.e(TAG, "Failed to finalize " + cid);
|
||||
PackageHelper.destroySdDir(cid);
|
||||
return PackageManager.INSTALL_FAILED_CONTAINER_ERROR;
|
||||
|
||||
Reference in New Issue
Block a user