
Commit 01e719be authored by Martijn Coenen's avatar Martijn Coenen

Allocate isolated UID ranges for app zygote and its children.

Introduce a new range of app-zygote isolated UIDs, [90000..98999].
For each app that uses an application Zygote, allocate a range of
100 isolated UIDs. The application Zygote for an app will get a
UID out of that range, and all other children that are forked
from that zygote will get a UID from the same range.

Bug:  111434506
Test: app Zygote and its children run in the new range of
      isolated UIDs (with SELinux disabled). New set of
      tests for UID allocators pass.

Change-Id: I7a6883a5ddb95683932c93ea77f4e52d8f37fa4f
parent 7e6fa672
+6 −3
@@ -34,6 +34,8 @@ import com.android.internal.annotations.GuardedBy;
public class AppZygote {
    private static final String LOG_TAG = "AppZygote";

    private final int mZygoteUid;

    private final Object mLock = new Object();

    /**
@@ -45,8 +47,9 @@ public class AppZygote {

    private final ApplicationInfo mAppInfo;

    public AppZygote(ApplicationInfo appInfo) {
    public AppZygote(ApplicationInfo appInfo, int zygoteUid) {
        mAppInfo = appInfo;
        mZygoteUid = zygoteUid;
    }

    /**
@@ -94,8 +97,8 @@ public class AppZygote {
            mZygote = Process.zygoteProcess.startChildZygote(
                    "com.android.internal.os.AppZygoteInit",
                    mAppInfo.processName + "_zygote",
                    mAppInfo.uid,
                    mAppInfo.uid,
                    mZygoteUid,
                    mZygoteUid,
                    null,  // gids
                    0,  // runtimeFlags
                    "app_zygote",  // seInfo
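Review bot: The new constructor stores `zygoteUid` without any check, and the last hunk then passes it as both uid and gid to `startChildZygote`, so a caller mistake would start the app zygote under whatever identity it was handed. Because this value is what places the zygote in the isolated sandbox, the constructor could reject anything outside the new range: `int appId = UserHandle.getAppId(zygoteUid);` followed by `if (appId < Process.FIRST_APP_ZYGOTE_ISOLATED_UID || appId > Process.LAST_APP_ZYGOTE_ISOLATED_UID) throw new IllegalArgumentException("zygoteUid " + zygoteUid);`. The code that allocates the UID is not visible in this section, so it may already guarantee this. The `startChildZygote` call continues past the end of the hunk.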
+20 −1
@@ -204,6 +204,24 @@ public class Process {
     */
    public static final int LAST_APPLICATION_UID = 19999;

    /**
     * First uid used for fully isolated sandboxed processes spawned from an app zygote
     * @hide
     */
    public static final int FIRST_APP_ZYGOTE_ISOLATED_UID = 90000;

    /**
     * Number of UIDs we allocate per application zygote
     * @hide
     */
    public static final int NUM_UIDS_PER_APP_ZYGOTE = 100;

    /**
     * Last uid used for fully isolated sandboxed processes spawned from an app zygote
     * @hide
     */
    public static final int LAST_APP_ZYGOTE_ISOLATED_UID = 98999;

    /**
     * First uid used for fully isolated sandboxed processes (with no permissions of their own)
     * @hide
@@ -650,7 +668,8 @@ public class Process {
    /** {@hide} */
    public static final boolean isIsolated(int uid) {
        uid = UserHandle.getAppId(uid);
        return uid >= FIRST_ISOLATED_UID && uid <= LAST_ISOLATED_UID;
        return (uid >= FIRST_ISOLATED_UID && uid <= LAST_ISOLATED_UID)
                || (uid >= FIRST_APP_ZYGOTE_ISOLATED_UID && uid <= LAST_APP_ZYGOTE_ISOLATED_UID);
    }

    /**
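Review bot: `isIsolated` now also returns true for the app zygote process itself, since the commit message says the zygote takes a UID from the same [90000..98999] range as its children, yet the method still carries only `/** {@hide} */`. Callers that read "isolated" as "has no permissions of its own" would benefit from a Javadoc sentence stating that both ranges are covered and that the app-zygote range includes the zygote process. The three new constants are independent literals, so a comment on `LAST_APP_ZYGOTE_ISOLATED_UID` noting that the range holds 90 blocks of `NUM_UIDS_PER_APP_ZYGOTE` would make it harder to change one without the others. The Javadoc opened on the last line of the section belongs to a member outside the hunk.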
+17 −8
@@ -138,8 +138,7 @@ public final class UserHandle implements Parcelable {
     */
    public static boolean isIsolated(int uid) {
        if (uid > 0) {
            final int appId = getAppId(uid);
            return appId >= Process.FIRST_ISOLATED_UID && appId <= Process.LAST_ISOLATED_UID;
            return Process.isIsolated(uid);
        } else {
            return false;
        }
@@ -294,9 +293,14 @@ public final class UserHandle implements Parcelable {
            sb.append('u');
            sb.append(getUserId(uid));
            final int appId = getAppId(uid);
            if (appId >= Process.FIRST_ISOLATED_UID && appId <= Process.LAST_ISOLATED_UID) {
            if (isIsolated(appId)) {
                if (appId > Process.FIRST_ISOLATED_UID) {
                    sb.append('i');
                    sb.append(appId - Process.FIRST_ISOLATED_UID);
                } else {
                    sb.append("ai");
                    sb.append(appId - Process.FIRST_APP_ZYGOTE_ISOLATED_UID);
                }
            } else if (appId >= Process.FIRST_APPLICATION_UID) {
                sb.append('a');
                sb.append(appId - Process.FIRST_APPLICATION_UID);
@@ -330,9 +334,14 @@ public final class UserHandle implements Parcelable {
            pw.print('u');
            pw.print(getUserId(uid));
            final int appId = getAppId(uid);
            if (appId >= Process.FIRST_ISOLATED_UID && appId <= Process.LAST_ISOLATED_UID) {
            if (isIsolated(appId)) {
                if (appId > Process.FIRST_ISOLATED_UID) {
                    pw.print('i');
                    pw.print(appId - Process.FIRST_ISOLATED_UID);
                } else {
                    pw.print("ai");
                    pw.print(appId - Process.FIRST_APP_ZYGOTE_ISOLATED_UID);
                }
            } else if (appId >= Process.FIRST_APPLICATION_UID) {
                pw.print('a');
                pw.print(appId - Process.FIRST_APPLICATION_UID);
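Review bot: The inner test `appId > Process.FIRST_ISOLATED_UID` in the `sb.append` hunk sends an appId exactly equal to `FIRST_ISOLATED_UID` to the `else` branch, so the first regular isolated UID is printed with the `ai` prefix and an offset from `FIRST_APP_ZYGOTE_ISOLATED_UID`, where the old code printed `i0`. The comparison should be `if (appId >= Process.FIRST_ISOLATED_UID) {`, and the same line in the `pw.print` hunk needs the same change. The two-way split also relies on the app-zygote range lying below the regular isolated range, which the constants in Process suggest but this section does not show. These strings presumably end up in logs and dumps, where a mislabelled UID class makes it harder to tell which sandbox a process ran in. Both enclosing methods start and end outside the hunks.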
+0 −1
@@ -121,7 +121,6 @@ class WebViewZygoteInit {

    public static void main(String argv[]) {
        Log.i(TAG, "Starting WebViewZygoteInit");

        WebViewZygoteServer server = new WebViewZygoteServer();
        ChildZygoteInit.runZygoteServer(server, argv);
    }
+3 −2
@@ -1943,7 +1943,8 @@ public class ActivityManagerService extends IActivityManager.Stub
            synchronized (this) {
                ProcessRecord app = mProcessList.newProcessRecordLocked(info, info.processName,
                        false,
                        0);
                        0,
                        false);
                app.setPersistent(true);
                app.pid = MY_PID;
                app.getWindowProcessController().setPid(MY_PID);
@@ -7407,7 +7408,7 @@ public class ActivityManagerService extends IActivityManager.Stub
        }
        if (app == null) {
            app = mProcessList.newProcessRecordLocked(info, customProcess, isolated, 0);
            app = mProcessList.newProcessRecordLocked(info, customProcess, isolated, 0, false);
            mProcessList.updateLruProcessLocked(app, false, null);
            updateOomAdjLocked();
        }
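Review bot: The added trailing `false` joins `false, 0` and `isolated, 0` as bare positional literals, so neither call site says what the new flag controls. An argument comment in the style the AppZygote call already uses (`null,  // gids`) would help, for example `false);  // <name of the new parameter>`, with the name taken from the `newProcessRecordLocked` signature, which is not in this section. Both enclosing methods extend beyond the hunks.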