Prior support forced all third party apps
to be resolved against the default stanza
of the mac_permissions.xml file when assigning
seinfo labels. This meant that all third party
apps, in effect, were untrusted regardless of
cert and therefore received the same selinux domain.
This also had the unfortunate side effect of forcing
certain third party apps into the wrong domains
because of shared userid requests among apps.
This patch removes that restriction and instead
allows all apps, regardless of location, to be
matched against the full mac_permissions.xml
policy file. This then allows all apps signed
with known good certs to receive the same selinux
domains of other apps with whom they share trust.
Change-Id: Iba569c046135c0e81140faf6296c5da26a243037
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
There was lax / incomplete error checking around the
construction of Apk handles. This change changes the ApkHandle
API and makes it throw IOException if the zipfile couldn't
be opened.
Additionally :
- Fix a resource leak in DefaultContainerService
- Report errors correctly during package moves.
bug: 15563874
Change-Id: Ic71a10709eb82b8f53405bbfb2320e80aa96b771
Add getTetheredDhcpRanges() interface and call it before calling
mNwService.startTethering() to update dhcp ranges. This will allow p2p app
to run well concurrently with other tethering app(e.g. usb tethering).
Change-Id: I5e8ffeb5d2d396f48b897cd9396f133e25ecca57
Signed-off-by: Jianzheng Zhou <jianzheng.zhou@freescale.com>
If all activities of a given stack were finishing, no activity was
marked as front-of-task. This confused ActivityManager, so make sure
there's always exactly one activity marked as front-of-task.
Change-Id: I087cbe10280d4a60aa5ccfaefe24a223523fb3f2
We don't want directories like profiles and the former
profile-cache from being included in the prune. SELinux would
have prevented the move, but that's very brittle.
bug: 15677279
Change-Id: I2ff5db056757ffacaf108bb07b02dc0cac7172dd
The presence of ".bc" files in an APK implies
incompatibility with any of the 64 bit ABIs.
bug: 14900093
Change-Id: I66ca339a9a149cb3b7e7b349033d80acdeb4140a
This allows callers to force an install to a particular
ABI. This is intended only for testing (and CTS) and is
not meant for usage by the installer package.
Change-Id: Icb1528c0cd35b1aa9323386cb35ff4aaba374fcb
Check that each package from the setting has
a parsed pkg before we attempt to perform dex-opt
on it. If it doesn't have a parsed package, adjust
the ABI in the settings, but don't perform dexopt.
It will be dexopted later if it's still active
based on the setting.
bug: 15081286
Change-Id: Ifb6d1d5efdc9c59b251731972afa951ad930d05c
The key improvement is that we need to keep track of
the package that's currently being scanned (this includes
new installs and upgrades of existing packages) and treat
it specially. If we didn't do that, In the case of upgrades
we would perform the shared UID calculation based on the ABI
of the old package, and not the current package.
This change also allows us to perform the CPU ABI calculation
before dexopt, which saves us from having to do it twice and
fixes a bug where we were using the wrong package path to
dexopt a package.
This also has the side effect of fixing 15081286.
bug: 15081286
Change-Id: I20f8ad36941fc3df29007f0e83ce82f38f3585c8
It's not worth the complexity of rescanning the APK and
extracting a shared library with a different ABI.
Also gets rid of an unnecessary command line argument and
checks for dex-opt failures while adjusting shared ABIs.
bug: 14453227
Change-Id: I6a0695e24cba37e93540c540507088e95b89089b
Allows us to choose what ABI a process uses when
launching it with "adb shell am instrument", for eg.
adb shell am instrument --abi arm64-v8a component/runner
Note that we only perform very basic validation of the
ABI. In general, there is no guarantee that the app will
launch with the instruction set we choose, for eg. if it
has native libraries that are for a different ABI.
bug: 14453227
Change-Id: Ifb7e89b53675080dc87941091ee5ac360f218d7f
As per a comment on an earlier code review.
(cherry-picked from commit a9d64733421d6765eab5c2730fa912f068e26047)
Change-Id: I064cffc13c323b721f3a16c83e0e95ee348ef9f6
