Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 792d36c1 authored by Victor Hsieh's avatar Victor Hsieh Committed by Android (Google) Code Review
Browse files

Merge "Allow only selected priv apps to run OOB" into pi-dev

parents cdf52bec 785d618b

core/java/android/provider/Settings.java

+8 −0
Original line number Diff line number Diff line
@@ -8901,6 +8901,14 @@ public final class Settings { 
         */

        public static final String PRIV_APP_OOB_ENABLED = "priv_app_oob_enabled";













        /**













         * Comma separated list of privileged package names, which will be running out-of-box APK.













         * Default: "ALL"













         *













         * @hide













         */













        public static final String PRIV_APP_OOB_LIST = "priv_app_oob_list";



























        /**















         * The interval in milliseconds at which location requests will be throttled when they are















         * coming from the background.

































core/tests/coretests/src/android/provider/SettingsBackupTest.java



+1
−0




























Original line number
Diff line number
Diff line








@@ -357,6 +357,7 @@ public class SettingsBackupTest {













                    Settings.Global.POWER_MANAGER_CONSTANTS,















                    Settings.Global.PREFERRED_NETWORK_MODE,















                    Settings.Global.PRIV_APP_OOB_ENABLED,













                    Settings.Global.PRIV_APP_OOB_LIST,















                    Settings.Global.PROVISIONING_APN_ALARM_DELAY_IN_MS,















                    Settings.Global.RADIO_BLUETOOTH,















                    Settings.Global.RADIO_CELL,

































services/core/java/com/android/server/am/ActivityManagerService.java



+2
−1




























Original line number
Diff line number
Diff line








@@ -466,6 +466,7 @@ import com.android.server.firewall.IntentFirewall;













import com.android.server.job.JobSchedulerInternal;















import com.android.server.pm.Installer;















import com.android.server.pm.Installer.InstallerException;













import com.android.server.pm.dex.DexManager;















import com.android.server.utils.PriorityDump;















import com.android.server.vr.VrManagerInternal;















import com.android.server.wm.PinnedStackWindowController;










@@ -4311,7 +4312,7 @@ public class ActivityManagerService extends IActivityManager.Stub













            }





























            if (app.info.isPrivilegedApp() &&













                    SystemProperties.getBoolean("pm.dexopt.priv-apps-oob", false)) {













                    DexManager.isPackageSelectedToRunOob(app.pkgList.keySet())) {















                runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;















            }







































services/core/java/com/android/server/pm/PackageDexOptimizer.java



+4
−4




























Original line number
Diff line number
Diff line








@@ -34,6 +34,7 @@ import android.util.Slog;













import com.android.internal.annotations.GuardedBy;















import com.android.internal.util.IndentingPrintWriter;















import com.android.server.pm.Installer.InstallerException;













import com.android.server.pm.dex.DexManager;















import com.android.server.pm.dex.DexoptOptions;















import com.android.server.pm.dex.DexoptUtils;















import com.android.server.pm.dex.PackageDexUsage;










@@ -495,9 +496,8 @@ public class PackageDexOptimizer {













            boolean isUsedByOtherApps) {















        int flags = info.flags;















        boolean vmSafeMode = (flags & ApplicationInfo.FLAG_VM_SAFE_MODE) != 0;













        // When pm.dexopt.priv-apps-oob is true, we only verify privileged apps.













        if (info.isPrivilegedApp() &&













            SystemProperties.getBoolean("pm.dexopt.priv-apps-oob", false)) {













        // When a priv app is configured to run out of box, only verify it.













        if (info.isPrivilegedApp() && DexManager.isPackageSelectedToRunOob(info.packageName)) {















            return "verify";















        }















        if (vmSafeMode) {

































services/core/java/com/android/server/pm/PackageManagerService.java



+3
−25




























Original line number
Diff line number
Diff line








@@ -578,8 +578,6 @@ public class PackageManagerService extends IPackageManager.Stub



























    private static final String PRODUCT_OVERLAY_DIR = "/product/overlay";



























    private static final String PROPERTY_NAME_PM_DEXOPT_PRIV_APPS_OOB = "pm.dexopt.priv-apps-oob";



























    /** Canonical intent used to identify what counts as a "web browser" app */















    private static final Intent sBrowserIntent;















    static {










@@ -2459,7 +2457,7 @@ public class PackageManagerService extends IPackageManager.Stub













                "*dexopt*");















        DexManager.Listener dexManagerListener = DexLogger.getListener(this,















                installer, mInstallLock);













        mDexManager = new DexManager(this, mPackageDexOptimizer, installer, mInstallLock,













        mDexManager = new DexManager(mContext, this, mPackageDexOptimizer, installer, mInstallLock,















                dexManagerListener);















        mArtManagerService = new ArtManagerService(mContext, this, installer, mInstallLock);















        mMoveCallbacks = new MoveCallbacks(FgThread.get().getLooper());










@@ -10428,11 +10426,7 @@ public class PackageManagerService extends IPackageManager.Stub













                Log.d(TAG, "Scanning package " + pkg.packageName);















        }



























        if (Build.IS_DEBUGGABLE &&













                pkg.isPrivileged() &&













                SystemProperties.getBoolean(PROPERTY_NAME_PM_DEXOPT_PRIV_APPS_OOB, false)) {













            PackageManagerServiceUtils.logPackageHasUncompressedCode(pkg);













        }













        DexManager.maybeLogUnexpectedPackageDetails(pkg);





























        // Initialize package source and resource directories















        final File scanFile = new File(pkg.codePath);










@@ -21038,23 +21032,6 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());













                        .getUriFor(Secure.INSTANT_APPS_ENABLED), false, co, UserHandle.USER_SYSTEM);















        co.onChange(true);



























        // This observer provides an one directional mapping from Global.PRIV_APP_OOB_ENABLED to













        // pm.dexopt.priv-apps-oob property. This is only for experiment and should be removed once













        // it is done.













        ContentObserver privAppOobObserver = new ContentObserver(mHandler) {













            @Override













            public void onChange(boolean selfChange) {













                int oobEnabled = Global.getInt(resolver, Global.PRIV_APP_OOB_ENABLED, 0);













                SystemProperties.set(PROPERTY_NAME_PM_DEXOPT_PRIV_APPS_OOB,













                        oobEnabled == 1 ? "true" : "false");













            }













        };













        mContext.getContentResolver().registerContentObserver(













                Global.getUriFor(Global.PRIV_APP_OOB_ENABLED), false, privAppOobObserver,













                UserHandle.USER_SYSTEM);













        // At boot, restore the value from the setting, which persists across reboot.













        privAppOobObserver.onChange(true);



























        // Disable any carrier apps. We do this very early in boot to prevent the apps from being















        // disabled after already being started.















        CarrierAppUtils.disableCarrierAppsUntilPrivileged(mContext.getOpPackageName(), this,










@@ -21143,6 +21120,7 @@ Slog.v(TAG, ":: stepped forward, applying functor at tag " + parser.getName());













        storage.registerListener(mStorageListener);





























        mInstallerService.systemReady();













        mDexManager.systemReady();















        mPackageDexOptimizer.systemReady();





























        StorageManagerInternal StorageManagerInternal = LocalServices.getService(