Most pre-Q devices actually reserved around 130MiB in the 32-bit zygote
for the WebView native library; 100MiB was only the lower limit and the
file size based calculation that older OS versions use would come up
with a larger number. Increase the hardcoded value for Q to 130MiB so
that the behaviour is roughly the same across OS versions.
Fixes: 132081320
Test: manually verified via inspection of process maps
Change-Id: I0f03ac2f118bb0627ea6be229e5064d4590d8afb
We start WebViewZygote at boot time to ensure the first app to use
WebView doesn't have to wait, but we were not waiting for RELRO creation
to finish before doing so. Move the background task which starts the
zygote to WebViewUpdateServiceImpl and have it wait for the RELRO first
to ensure that we get the memory saving of RELRO sharing whenever
possible, instead of only when the timing happens to work out by chance.
Fixes: 130305037
Test: manual, check logs and relro sharing status after boot
Change-Id: I55c3f80b0db1dc82727b90c70f777618ca77a942
We no longer need to support fallback packages and need to migrate them
back to being enabled (but only once, to allow the user to disable them
manually later). This CL:
1) Removes the logic which enables/disables packages and the test cases
which only cover the enabling/disabling logic.
2) Checks at boot time if the fallback logic is enabled; if so, it
re-enables the fallback package if one exists and then disables the
fallback logic permanently.
3) Amends remaining test cases to use "primary" and "secondary" instead
of primary/fallback, to keep testing that higher priority packages
are more preferred without involving the fallback behaviour.
4) Fixes a bug in the package selection logic that would not have
triggered in the previous setup (as our production configs never had
more than one available-by-default, non-fallback packages) that was
revealed by one of the modified test cases: the boot time logic to
reset the user's setting if their previously chosen provider was no
longer available triggered even if the user had not actually chosen a
provider, causing the automatically selected provider to be
considered a manual user choice, and preventing a higher priority
provider from being automatically chosen if it later becomes
available.
Bug: 126588129
Test: atest WebViewUpdateServiceTest
Change-Id: I532c0faae2427de7132f716725bf62e256975410
The WebView stub is only used in Monochrome configurations and is no
longer required with Trichrome. Remove the special case code used to
support it in the past.
Bug: 129470358
Test: atest CtsWebkitTestCases
Change-Id: Ieb11ae6698f370a1d601459e6253fc7dbe146014
This adds a reference to the View method that controls framework force
dark, which impacts how FORCE_DARK_AUTO is interpreted. It also
documents that FORCE_DARK_AUTO is the default.
Test: documentation only change
Fixes: 128704481
Change-Id: I88e7996362da5b092b269c313e37ef9253b12872
If there are multiple APKs as part of the WebView implementation (due to
splits, shared libraries, or overlays) add them all to the asset path,
instead of just the base APK.
Bug: 124116212
Test: manually tested with modified Trichrome build
Change-Id: I912e741b6de3154f66e5e82c9cf7154c6d39b1a4
This reverts the WebViewFactory changes from commit
527fa8f4de which appear to have changed
the way that the asset path is updated in an incompatible way.
Bug: 124116212
Fixes: 128489090
Test: launch affected applications
Change-Id: Id53dedef4fa55a6b8cea8a60326a4b8acd3422f8
Add all splits and shared libraries used by the WebView implementation
to the application's asset path, instead of just the base APK. Fix the
asset manipulation code path in WebViewFactory to reuse the modern
implementation in WebViewDelegate (using appendLibAssetForMainAssetPath)
instead of relying on addAssetPathAsSharedLibrary.
Add a new variant of appendLibAssetForMainAssetPath which accepts
multiple paths at once, to make it more efficient.
Bug: 124116212
Test: atest CtsWebkitTestCases
Change-Id: Ie55525d78089a4595c5b0b126e4ff1530303afe8
Per API council request, remove setForceDarkMode -> setForceDark to
align with other framework naming.
Bug: 120599879
Test: None
Change-Id: I3f4ed00303d7e4b7d0651a384324a8b265663290
PictureListener was deprecated, we need to replace its mentioning in
onPageFinished() javadoc with postVisualStateCallback().
Bug: 125939241
Test: make ds-docs
Change-Id: I7c1641c86632bb6c8214fd701e052096952deeec
Followup from API council review:
* Rename Renderer to RenderProcess for consistency with existing APIs.
* Make WebViewRenderProcess constructor public.
* Document 5 second minimum interval between successive callbacks.
Bug: 124767616
Bug: 123629980
Test: atest 'CtsWebkitTestCases'
Change-Id: I4416a97e8bb449c4a14a3617ef72a49c92aa3a83
For packages:
android.speech
android.telephony.mbms.vendor
android.view
android.webkit
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Merged-In: Iefe25091fa0fcc0adfe4ff85fe5e3ab3ac9c5f10
Change-Id: I04104cf3852a0a7440676ccc55dd96c1eec730c4
If they were null, then the Parcelable would fail to work.
Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
For packages:
android.speech
android.telephony.mbms.vendor
android.view
android.webkit
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Iefe25091fa0fcc0adfe4ff85fe5e3ab3ac9c5f10
Apps targeting Q+ will not get the backward compatibility quirk for
loadData content using a # character applied and will instead get the
documented/spec-compliant behaviour; document this.
Bug: 124371734
Test: m offline-sdk-docs
Change-Id: I05a3b4e951f4b3b051e94a22ba3eeae486228fbb
No change to logic, only OWNERS file.
I'm proposing myself as a code owner for frameworks/base/.../webkit. I'm
already an owner for our AndroidX APIs, so I think it's reasonable and
convenient to also be an owner for our framework APIs too.
Bug: None
Test: None
Change-Id: I602ad9fb88017c68e7e58cb29093fa29d80c1fc4
The webview zygote is shared for all users on the system, and so unlike
the app zygote, it can't use a single whitelisted UID range. For now,
clamp to the upper bound of the UID range, until we have a better idea.
This is still an improvement from the previous status quo, because it
will prevent setuid/setgid into system users.
Bug: 123597434
Test: builds, webview_zygote running
Change-Id: Ia975826ed5b1f20cabb46f60f5951723b1ba80c9
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
Merged-In: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
In the "common" case where the WebView stub is not being used, have the
WebView zygote use the new APK preload path added for the app zygote,
which avoids duplicating logic from the framework to construct the
classpath. This allows the WebView implementation to use a static shared
library, which was not previously possible.
The old codepath is retained for now to keep the WebView stub working
when it's in use, as it requires the special mechanism to override the
classloader cache key, but this can be removed when we no longer require
the stub.
Bug: 110790153
Test: Manual verification of classloader cache state
Change-Id: Ie49e5810d570bae7bec0341753e6c50d081189b5
This commit made the following changes to make the code conform to the
Frameworks style guide:
* Re-named variables
* Re-flowed code
* Organized includes
Topic: zygote-prefork
Test: make & flash & launch apps
Bug: 68253328
Change-Id: I9274b32f1f606f29f6eb3a1e5068ca18f607afe7
No change to logic, only docs.
This adds {@link}'s for references to SslErrorHandler methods, improving
readability. This also clarifies this API is only called for recoverable
errors.
Fixes: 123042566
Test: m offline-sdk-docs
Change-Id: I0e94c9903e638e2fce59f35ec76eb5566e7ad875
The application zygote can run untrusted user code; since it also
has the capability to change the uid/gid of the process, we need
to ensure that any changes to the uid and/or gid stay within the
range that we have allocated for this application zygote.
For application zygotes, we install the app_zygote seccomp
filter instead of the regular app filter; the only difference
between this filter and the app one is that it allows
setuid/setgid calls.
To further limit this, pass down the allocated UID range to the
Zygote itself, which in turn installs an additional seccomp
filter that restricts setuid/setgid calls to this range.
The actual calls into seccomp are commented out until the seccomp
changes are merged; to avoid catastrophe, this will leave the
regular app filter for the app_zygote, which is more restrictive
and doesn't allow setuid at all.
Bug: 111434506
Test: atest CtsSeccompHostTestCases passes
Change-Id: I112419629f5ee4774ccbf77e2b1cfa5ddcf77e73
