In order to reduce the startup impact to near zero, we are
creating a whitelist to be checked before parsing rules.
The whitelist will be generated by the APK based on apps
mentioned in the rules files. At app launch, only those in
the whitelist will do full rules checking.
The whitelist will be checked via Global Settings, which will
be populated by the ANGLE APK when intents are received. The
APK will listen for intents at boot (LOCKED_BOOT_COMPLETED)
and when ANGLE itself is updated (MY_PACKAGE_REPLACED).
The whitelist can also be populated by hand:
adb shell settings put global angle_whitelist app1,app2,appN
We plan to further mitigate the ANGLE-enabled app impact
by parsing the full rules when creating the whitelist, off of
the critical path.
Note: Developer Options will continue to work, regardless of
whitelist. But temp rules will not be loaded if the app is
not whitelisted.
Test: atest CtsAngleIntegrationHostTestCases
Test: atest google/perf/app-startup/hermetic-apps/cold-dropcache-test -v
Bug: 80239516
Bug: 122528316
Change-Id: I96e5b4d5b4774f59aadbd1e52295437a395cab6b
This commit adds the code necessar to initialize and use the blastula
pool during application launching. Highlights include:
* Modifying ZygoteState to allow the creation of blastula session
sockets
* Modified application startup to track if a web view process is being
created.
* Initialization of the blastula pool during Zygote initialization.
* Blastula lifecycle management via reporting pipes and event FDs.
* Launching of applications via the blastula pool.
The creation, maintenance, and use of the blastula pool can be disabled
by setting Zygote.BLASTULA_POOL_ENABLED to false. When this feature is
disabled applications will launch as they did before this patch.
Topic: zygote-prefork
Test: make & flash & launch app & check log message
Bug: 68253328
Exempt-From-Owner-Approval: No changes to files with owners between revisions
Change-Id: I46c32ad09400591e866b6c6121d5a9b0332092f3
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
Merged-In: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
* Add cancelBugreport method.
* Remove unused arguments to onFinished listener call.
* Publish the system service now that sepolicy for it
is submitted.
* Use the new bugreportd service.
Test: boots
BUG:111441001
Change-Id: I12d72e0e1f4ca72d285fd02a3fc1a44f5c179885
The affected constants are already SystemApi in internal.
Bug: 112869080
Test: m
Change-Id: Iacefdefa59346eaebd8b92743fe8710845edcc29
Merged-In: I261dfcc5cfdfc76bda5d70181785e11c2715a558
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
When a blacklist is set, we must not use driver package for those applications
on the blacklist.
BUG: 120869311
Test: Build, flash, boot. Verify with command line.
Change-Id: I1c9f10a3086007038c328a20346ffadeff1861ae
When callers are inserting or updating raw "_data" paths, we need to
sanity check them to make sure they're not "crossing the streams"
between storage devices. For example, it would be really broken to
insert a file on the SD card into the "internal" storage volume.
This also enforces that callers don't "cross the streams" between
multiple storage volumes on devices that support them, since
otherwise they'd end up with very confusing behavior, such as
the same underlying file being inserted into multiple databases.
Also, the "internal" storage volume should really only be used for
common media (such as ringtones), and it shouldn't be allowed to
point into private app data directories, since MODE_WORLD_READABLE
has been deprecated for many years now.
Bug: 117932814
Test: atest MediaProviderTests
Test: atest cts/tests/tests/media/src/android/media/cts/MediaScanner*
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: I267eacd45bbd270b8ce9b28de9d6e209f780f31a
This class is useful as a system API because:
- It is one of the few exceptions that is natively Parcelable.
- It is directly supported by native code without using JNI,
using Status::fromServiceSpecificError.
- Unlike other natively parcelable exceptions, it contains both
an error message and an error code.
Test: m
Bug: 112869080
Change-Id: Ica3e88c2b6877e429a61b053d75f69b9f19fc74a
Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.
A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.
Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I4ec73276d7c586ae4afc482580d1eb8ee03d5be1
The dire warning about canonicalising paths before calling
FileUtils#contains was present on two overloads but not the
third. Added it there to try to make it harder to miss.
Test: Builds.
Change-Id: I983fe86e57ff3f7052f4f5d55f2bbd9e5740429a
The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.
For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.
To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.
The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.
Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
Add methods used by VintfDeviceInfo, a CTS test, to TestApi.
Also remove them from greylist.
Bug: 111610941
Test: builds
Change-Id: Ieccf8c9225132fd604d7df0fc7e9976f63f9077c
