
Commit 10740c41 authored by Martijn Coenen's avatar Martijn Coenen Committed by Android (Google) Code Review

Merge changes I10df1eff,I6338666e,I867d163d

* changes:
  Handle supplemental UIDs in package/UID verification.
  Start supplemental processes in new UID range.
  Make isCallerSameApp() correct for supplemental processes.
parents 8cb4fa9e 130738f1
+18 −9
@@ -2721,8 +2721,8 @@ public final class ActiveServices {

    int bindServiceLocked(IApplicationThread caller, IBinder token, Intent service,
            String resolvedType, final IServiceConnection connection, int flags,
            String instanceName, boolean isSupplementalProcessService, String callingPackage,
            final int userId)
            String instanceName, boolean isSupplementalProcessService, int supplementedAppUid,
            String callingPackage, final int userId)
            throws TransactionTooLargeException {
        if (DEBUG_SERVICE) Slog.v(TAG_SERVICE, "bindService: " + service
                + " type=" + resolvedType + " conn=" + connection.asBinder()
@@ -2807,8 +2807,8 @@ public final class ActiveServices {
        final boolean allowInstant = (flags & Context.BIND_ALLOW_INSTANT) != 0;

        ServiceLookupResult res = retrieveServiceLocked(service, instanceName,
                isSupplementalProcessService, resolvedType, callingPackage, callingPid, callingUid,
                userId, true, callerFg, isBindExternal, allowInstant);
                isSupplementalProcessService, supplementedAppUid, resolvedType, callingPackage,
                callingPid, callingUid, userId, true, callerFg, isBindExternal, allowInstant);
        if (res == null) {
            return 0;
        }
@@ -3228,13 +3228,14 @@ public final class ActiveServices {
            int callingPid, int callingUid, int userId,
            boolean createIfNeeded, boolean callingFromFg, boolean isBindExternal,
            boolean allowInstant) {
        return retrieveServiceLocked(service, instanceName, false, resolvedType, callingPackage,
        return retrieveServiceLocked(service, instanceName, false, 0, resolvedType, callingPackage,
                callingPid, callingUid, userId, createIfNeeded, callingFromFg, isBindExternal,
                allowInstant);
    }

    private ServiceLookupResult retrieveServiceLocked(Intent service,
            String instanceName, boolean isSupplementalProcessService, String resolvedType,
            String instanceName, boolean isSupplementalProcessService, int supplementedAppUid,
            String resolvedType,
            String callingPackage, int callingPid, int callingUid, int userId,
            boolean createIfNeeded, boolean callingFromFg, boolean isBindExternal,
            boolean allowInstant) {
@@ -3415,7 +3416,7 @@ public final class ActiveServices {
                                                                                  : null;
                    r = new ServiceRecord(mAm, className, name, definingPackageName,
                            definingUid, filter, sInfo, callingFromFg, res,
                            supplementalProcessName);
                            supplementalProcessName, supplementedAppUid);
                    res.setService(r);
                    smap.mServicesByInstanceName.put(name, r);
                    smap.mServicesByIntent.put(filter, r);
@@ -4189,8 +4190,16 @@ public final class ActiveServices {
        if (app == null && !permissionsReviewRequired && !packageFrozen) {
            // TODO (chriswailes): Change the Zygote policy flags based on if the launch-for-service
            //  was initiated from a notification tap or not.
            if ((app = mAm.startProcessLocked(procName, r.appInfo, true, intentFlags,
                        hostingRecord, ZYGOTE_POLICY_FLAG_EMPTY, false, isolated)) == null) {
            if (r.supplemental) {
                final int uid = Process.toSupplementalUid(r.supplementedAppUid);
                app = mAm.startSupplementalProcessLocked(procName, r.appInfo, true, intentFlags,
                        hostingRecord, ZYGOTE_POLICY_FLAG_EMPTY, uid);
                r.isolationHostProc = app;
            } else {
                app = mAm.startProcessLocked(procName, r.appInfo, true, intentFlags,
                        hostingRecord, ZYGOTE_POLICY_FLAG_EMPTY, false, isolated);
            }
            if (app == null) {
                String msg = "Unable to launch app "
                        + r.appInfo.packageName + "/"
                        + r.appInfo.uid + " for service "
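Review bot: The new `if (r.supplemental)` branch in the last hunk never passes `isolated` on, so a service that is bound as supplemental and also resolves as isolated would be started under the supplemental UID instead of an isolated one, while `r.isolationHostProc` is still assigned. `isolated` is computed outside the hunk, so whether both can be true together is not visible here; the ServiceRecord constructor in this commit gives FLAG_ISOLATED_PROCESS precedence when it names the process, which suggests the combination is at least representable. I would reject the combination where the record is resolved in `retrieveServiceLocked`, or at minimum state the precedence at the branch with a comment such as `// Supplemental services never run isolated; FLAG_ISOLATED_PROCESS is ignored here.`. The enclosing method starts and ends outside the hunk.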
+25 −6
@@ -1890,6 +1890,8 @@ public class ActivityManagerService extends IActivityManager.Stub
            synchronized (this) {
                ProcessRecord app = mProcessList.newProcessRecordLocked(info, info.processName,
                        false,
                        0,
                        false,
                        0,
                        new HostingRecord("system"));
@@ -2780,11 +2782,24 @@ public class ActivityManagerService extends IActivityManager.Stub
                    false /* knownToBeDead */, 0 /* intentFlags */,
                    sNullHostingRecord  /* hostingRecord */, ZYGOTE_POLICY_FLAG_EMPTY,
                    true /* allowWhileBooting */, true /* isolated */,
                    uid, abiOverride, entryPoint, entryPointArgs, crashHandler);
                    uid, false /* supplemental */, 0 /* supplementalUid */,
                    abiOverride, entryPoint, entryPointArgs, crashHandler);
            return proc != null;
        }
    }
    @GuardedBy("this")
    final ProcessRecord startSupplementalProcessLocked(String processName,
            ApplicationInfo info, boolean knownToBeDead, int intentFlags,
            HostingRecord hostingRecord, int zygotePolicyFlags, int supplementalUid) {
        return mProcessList.startProcessLocked(processName, info, knownToBeDead, intentFlags,
                hostingRecord, zygotePolicyFlags, false /* allowWhileBooting */,
                false /* isolated */, 0 /* isolatedUid */,
                true /* supplemental */, supplementalUid,
                null /* ABI override */, null /* entryPoint */,
                null /* entryPointArgs */, null /* crashHandler */);
    }
    @GuardedBy("this")
    final ProcessRecord startProcessLocked(String processName,
            ApplicationInfo info, boolean knownToBeDead, int intentFlags,
@@ -2792,6 +2807,7 @@ public class ActivityManagerService extends IActivityManager.Stub
            boolean isolated) {
        return mProcessList.startProcessLocked(processName, info, knownToBeDead, intentFlags,
                hostingRecord, zygotePolicyFlags, allowWhileBooting, isolated, 0 /* isolatedUid */,
                false /* supplemental */, 0 /* supplementalUid */,
                null /* ABI override */, null /* entryPoint */,
                null /* entryPointArgs */, null /* crashHandler */);
    }
@@ -6521,6 +6537,7 @@ public class ActivityManagerService extends IActivityManager.Stub
        if (app == null) {
            app = mProcessList.newProcessRecordLocked(info, customProcess, isolated, 0,
                    false, 0,
                    new HostingRecord("added application",
                        customProcess != null ? customProcess : info.processName));
            updateLruProcessLocked(app, false, null);
@@ -12346,12 +12363,13 @@ public class ActivityManagerService extends IActivityManager.Stub
            String resolvedType, IServiceConnection connection, int flags, String instanceName,
            String callingPackage, int userId) throws TransactionTooLargeException {
        return bindServiceInstance(caller, token, service, resolvedType, connection, flags,
                instanceName, false, callingPackage, userId);
                instanceName, false, 0, callingPackage, userId);
    }
    private int bindServiceInstance(IApplicationThread caller, IBinder token, Intent service,
            String resolvedType, IServiceConnection connection, int flags, String instanceName,
            boolean isSupplementalProcessService, String callingPackage, int userId)
            boolean isSupplementalProcessService, int supplementedAppUid, String callingPackage,
            int userId)
            throws TransactionTooLargeException {
        enforceNotIsolatedCaller("bindService");
@@ -12382,7 +12400,8 @@ public class ActivityManagerService extends IActivityManager.Stub
        synchronized(this) {
            return mServices.bindServiceLocked(caller, token, service, resolvedType, connection,
                    flags, instanceName, isSupplementalProcessService, callingPackage, userId);
                    flags, instanceName, isSupplementalProcessService, supplementedAppUid,
                    callingPackage, userId);
        }
    }
@@ -15976,8 +15995,8 @@ public class ActivityManagerService extends IActivityManager.Stub
            return ActivityManagerService.this.bindServiceInstance(
                    mContext.getIApplicationThread(), mContext.getActivityToken(), service,
                    service.resolveTypeIfNeeded(mContext.getContentResolver()), sd, flags,
                    processName, /*isSupplementalProcessService*/ true, mContext.getOpPackageName(),
                    UserHandle.getUserId(userAppUid)) != 0;
                    processName, /*isSupplementalProcessService*/ true, userAppUid,
                    mContext.getOpPackageName(), UserHandle.getUserId(userAppUid)) != 0;
        }
        @Override
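Review bot: `startSupplementalProcessLocked` has no Javadoc, and its `int supplementalUid` parameter is easy to confuse with the `supplementedAppUid` that `bindServiceInstance` threads through in the same file. The value is handed to `mProcessList.startProcessLocked` unchanged, so a caller that passes the app's own UID instead of the mapped one would not be caught here. A short Javadoc would do, saying that `supplementalUid` must already be the mapped UID (the caller in ActiveServices obtains it from `Process.toSupplementalUid`) and is not the UID of the supplemented app. The `newProcessRecordLocked` calls in the first and fifth hunks also gain bare `false, 0` arguments; the `/* supplemental */` and `/* supplementalUid */` comments used at the other call sites would help there too.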
+8 −2
@@ -2525,6 +2525,7 @@ public final class ProcessList {
    ProcessRecord startProcessLocked(String processName, ApplicationInfo info,
            boolean knownToBeDead, int intentFlags, HostingRecord hostingRecord,
            int zygotePolicyFlags, boolean allowWhileBooting, boolean isolated, int isolatedUid,
            boolean supplemental, int supplementalUid,
            String abiOverride, String entryPoint, String[] entryPointArgs, Runnable crashHandler) {
        long startTime = SystemClock.uptimeMillis();
        ProcessRecord app;
@@ -2618,7 +2619,8 @@ public final class ProcessList {

        if (app == null) {
            checkSlow(startTime, "startProcess: creating new process record");
            app = newProcessRecordLocked(info, processName, isolated, isolatedUid, hostingRecord);
            app = newProcessRecordLocked(info, processName, isolated, isolatedUid, supplemental,
                    supplementalUid, hostingRecord);
            if (app == null) {
                Slog.w(TAG, "Failed making new process record for "
                        + processName + "/" + info.uid + " isolated=" + isolated);
@@ -3113,10 +3115,14 @@ public final class ProcessList {

    @GuardedBy("mService")
    ProcessRecord newProcessRecordLocked(ApplicationInfo info, String customProcess,
            boolean isolated, int isolatedUid, HostingRecord hostingRecord) {
            boolean isolated, int isolatedUid, boolean supplemental, int supplementalUid,
            HostingRecord hostingRecord) {
        String proc = customProcess != null ? customProcess : info.processName;
        final int userId = UserHandle.getUserId(info.uid);
        int uid = info.uid;
        if (supplemental) {
            uid = supplementalUid;
        }
        if (isolated) {
            if (isolatedUid == 0) {
                IsolatedUidRange uidRange = getOrCreateIsolatedUidRangeLocked(info, hostingRecord);
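Review bot: `newProcessRecordLocked` assigns `uid = supplementalUid` without checking that the value lies in the supplemental range or belongs to the same user as `info.uid`, and this appears to be the point where the UID is fixed for the new process record. `userId` is still derived from `info.uid` two lines earlier, so a mismatched argument would give a record whose user and UID disagree. A guard inside the `if (supplemental)` block, `if (!Process.isSupplemental(supplementalUid) || UserHandle.getUserId(supplementalUid) != userId) return null;`, would fail the start through the existing `app == null` path in `startProcessLocked`. The `isolated` block that follows may overwrite `uid` again, and the method continues past the end of the hunk, so the combined case cannot be judged from here.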
+6 −2
@@ -94,6 +94,8 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN
    final boolean exported; // from ServiceInfo.exported
    final Runnable restarter; // used to schedule retries of starting the service
    final long createRealTime;  // when this service was created
    final boolean supplemental; // whether this is a supplemental service
    final int supplementedAppUid; // the app uid for which this supplemental service is running
    final ArrayMap<Intent.FilterComparison, IntentBindRecord> bindings
            = new ArrayMap<Intent.FilterComparison, IntentBindRecord>();
                            // All active bindings to the service.
@@ -571,13 +573,13 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN
            Intent.FilterComparison intent, ServiceInfo sInfo, boolean callerIsFg,
            Runnable restarter) {
        this(ams, name, instanceName, definingPackageName, definingUid, intent, sInfo, callerIsFg,
                restarter, null);
                restarter, null, 0);
    }

    ServiceRecord(ActivityManagerService ams, ComponentName name,
            ComponentName instanceName, String definingPackageName, int definingUid,
            Intent.FilterComparison intent, ServiceInfo sInfo, boolean callerIsFg,
            Runnable restarter, String supplementalProcessName) {
            Runnable restarter, String supplementalProcessName, int supplementedAppUid) {
        this.ams = ams;
        this.name = name;
        this.instanceName = instanceName;
@@ -588,6 +590,8 @@ final class ServiceRecord extends Binder implements ComponentName.WithComponentN
        serviceInfo = sInfo;
        appInfo = sInfo.applicationInfo;
        packageName = sInfo.applicationInfo.packageName;
        supplemental = supplementalProcessName != null;
        this.supplementedAppUid = supplementedAppUid;
        if ((sInfo.flags & ServiceInfo.FLAG_ISOLATED_PROCESS) != 0) {
            processName = sInfo.processName + ":" + instanceName.getClassName();
        } else if (supplementalProcessName != null) {
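Review bot: `supplementedAppUid` uses 0 as its "not supplemental" value (the delegating constructor passes `restarter, null, 0`), and 0 is also the root UID, so the field cannot be told apart from a real UID on its own. The constructor stores it without relating it to `supplemental`, so a record can be supplemental with UID 0. I would document the field as `// UID of the app this supplemental service runs for; only meaningful when supplemental is true`, and check the pair in the constructor, e.g. `if (supplemental && !UserHandle.isApp(supplementedAppUid)) throw new IllegalArgumentException("bad supplementedAppUid " + supplementedAppUid);`. The constructor body continues outside the hunk.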
+20 −0
@@ -4549,6 +4549,26 @@ public class AppOpsService extends IAppOpsService.Stub {
            return new PackageVerificationResult(null,
                    /* isAttributionTagValid */ true);
        }
        if (Process.isSupplemental(uid)) {
            // Supplemental processes run in their own UID range, but their associated
            // UID for checks should always be the UID of the supplemental package.
            // TODO: We will need to modify the callers of this function instead, so
            // modifications and checks against the app ops state are done with the
            // correct UID.
            try {
                final PackageManager pm = mContext.getPackageManager();
                final String supplementalPackageName = pm.getSupplementalProcessPackageName();
                if (Objects.equals(packageName, supplementalPackageName)) {
                    int supplementalAppId = pm.getPackageUid(supplementalPackageName,
                            PackageManager.PackageInfoFlags.of(0));
                    uid = UserHandle.getUid(UserHandle.getUserId(uid), supplementalAppId);
                }
            } catch (PackageManager.NameNotFoundException e) {
                // Shouldn't happen for the supplemental package
                e.printStackTrace();
            }
        }


        // Do not check if uid/packageName/attributionTag is already known.
        synchronized (this) {
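Review bot: When `packageName` is not the supplemental package, or `getPackageUid` throws, this block leaves `uid` in the supplemental range and verification simply continues with the caller-supplied pair. What the code after the hunk does with such a UID is not visible, so I would make the outcome explicit rather than rely on a later lookup failing, for instance by returning the same failure result the method uses for an unknown package (not shown in this hunk). The catch block should also log through the service's logger instead of `e.printStackTrace()`, for example `Slog.e(TAG, "Supplemental package not found", e);`, assuming the class has the usual `TAG`. The method starts and ends outside the hunk.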