Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1f88ad66 authored Sep 13, 2017 by Nicolas Geoffray

Special handling of priv-apps in Zygote.

If pm.dexopt.priv-apps is set to false, disable verifier and
only allow loading oat files from system.

bug: 30972906
bug: 63920015

Test: works as expected when pm.dexopt.priv-apps is true or false
Change-Id: Ib9e80c9b7b4106e82c0b9d1c7fbb8065c190ac1f

parent 60eae6e6

core/java/com/android/internal/os/Zygote.java

+5 −0

Original line number	Diff line number	Diff line
		@@ -51,6 +51,11 @@ public final class Zygote {
		/** Make the code Java debuggable by turning off some optimizations. */
		public static final int DEBUG_JAVA_DEBUGGABLE = 1 << 8;

		/** Turn off the verifier. */
		public static final int DISABLE_VERIFIER = 1 << 9;
		/** Only use oat files located in /system. Otherwise use dex/jar/apk . */
		public static final int ONLY_USE_SYSTEM_OAT_FILES = 1 << 10;

		/** No external storage should be mounted. */
		public static final int MOUNT_EXTERNAL_NONE = 0;
		/** Default external storage should be mounted. */

services/core/java/com/android/server/am/ActivityManagerService.java

+6 −0

Original line number	Diff line number	Diff line
		@@ -3871,6 +3871,12 @@ public class ActivityManagerService extends IActivityManager.Stub
		mNativeDebuggingApp = null;
		}

		if (app.info.isPrivilegedApp() &&
		!SystemProperties.getBoolean("pm.dexopt.priv-apps", true)) {
		runtimeFlags \|= Zygote.DISABLE_VERIFIER;
		runtimeFlags \|= Zygote.ONLY_USE_SYSTEM_OAT_FILES;
		}

		String invokeWith = null;
		if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
		// Debuggable apps may include a wrapper script with their library directory.