Loading core/jni/com_android_internal_os_Zygote.cpp +5 −5 Original line number Diff line number Diff line Loading @@ -1559,7 +1559,6 @@ static void isolateAppData(JNIEnv* env, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, uid_t uid, const char* process_name, jstring managed_nice_name, fail_fn_t fail_fn) { ensureInAppMountNamespace(fail_fn); std::vector<std::string> merged_data_info_list; insertPackagesToMergedList(env, merged_data_info_list, pkg_data_info_list, process_name, managed_nice_name, fail_fn); Loading Loading @@ -1706,10 +1705,11 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, MountEmulatedStorage(uid, mount_external, need_pre_initialize_native_bridge, fail_fn); // System services, isolated process, webview/app zygote, old target sdk app, should // give a null in same_uid_pkgs and private_volumes so they don't need app data isolation. // Isolated process / webview / app zygote should be gated by SELinux and file permission // so they can't even traverse CE / DE directories. // Make sure app is running in its own mount namespace before isolating its data directories. ensureInAppMountNamespace(fail_fn); // Sandbox data and jit profile directories by overlaying a tmpfs on those dirs and bind // mount all related packages separately. if (mount_data_dirs) { isolateAppData(env, pkg_data_info_list, whitelisted_data_info_list, uid, process_name, managed_nice_name, fail_fn); Loading Loading
core/jni/com_android_internal_os_Zygote.cpp +5 −5 Original line number Diff line number Diff line Loading @@ -1559,7 +1559,6 @@ static void isolateAppData(JNIEnv* env, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, uid_t uid, const char* process_name, jstring managed_nice_name, fail_fn_t fail_fn) { ensureInAppMountNamespace(fail_fn); std::vector<std::string> merged_data_info_list; insertPackagesToMergedList(env, merged_data_info_list, pkg_data_info_list, process_name, managed_nice_name, fail_fn); Loading Loading @@ -1706,10 +1705,11 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, MountEmulatedStorage(uid, mount_external, need_pre_initialize_native_bridge, fail_fn); // System services, isolated process, webview/app zygote, old target sdk app, should // give a null in same_uid_pkgs and private_volumes so they don't need app data isolation. // Isolated process / webview / app zygote should be gated by SELinux and file permission // so they can't even traverse CE / DE directories. // Make sure app is running in its own mount namespace before isolating its data directories. ensureInAppMountNamespace(fail_fn); // Sandbox data and jit profile directories by overlaying a tmpfs on those dirs and bind // mount all related packages separately. if (mount_data_dirs) { isolateAppData(env, pkg_data_info_list, whitelisted_data_info_list, uid, process_name, managed_nice_name, fail_fn); Loading
