Merge "Use GID "wakelock" to control access to kernel wakelock" (91fc6d1f) · Commits · e / os / android_frameworks_base

core/java/com/android/internal/os/ZygoteInit.java

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -519,7 +519,7 @@ public class ZygoteInit {
	String args[] = {		String args[] = {
	"--setuid=1000",		"--setuid=1000",
	"--setgid=1000",		"--setgid=1000",
	"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007,3009",		"--setgroups=1001,1002,1003,1004,1005,1006,1007,1008,1009,1010,1018,1021,1032,3001,3002,3003,3006,3007,3009,3010",
	"--capabilities=" + capabilities + "," + capabilities,		"--capabilities=" + capabilities + "," + capabilities,
	"--nice-name=system_server",		"--nice-name=system_server",
	"--runtime-args",		"--runtime-args",

core/jni/com_android_internal_os_Zygote.cpp

+23 −23

Original line number	Original line	Diff line number	Diff line
	@@ -606,31 +606,31 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
	jint mount_external, jstring se_info, jstring se_name,		jint mount_external, jstring se_info, jstring se_name,
	jintArray fdsToClose, jstring instructionSet, jstring appDataDir) {		jintArray fdsToClose, jstring instructionSet, jstring appDataDir) {
	jlong capabilities = 0;		jlong capabilities = 0;

			// Grant CAP_WAKE_ALARM to the Bluetooth process.
	if (uid == AID_BLUETOOTH) {		if (uid == AID_BLUETOOTH) {
	// Grant CAP_WAKE_ALARM and CAP_BLOCK_SUSPEND to the Bluetooth process.
	capabilities \|= (1LL << CAP_WAKE_ALARM);		capabilities \|= (1LL << CAP_WAKE_ALARM);
	capabilities \|= (1LL << CAP_BLOCK_SUSPEND);

	// Add the Bluetooth process to the system group.
	jsize length = env->GetArrayLength(reinterpret_cast<jarray>(gids));
	jintArray gids_with_system = env->NewIntArray(length + 1);
	if (!gids_with_system) {
	RuntimeAbort(env, __LINE__, "could not allocate java array for gids");
	}		}

	jint *gids_elements = env->GetIntArrayElements(gids, NULL);		// Grant CAP_BLOCK_SUSPEND to processes that belong to GID "wakelock"
	jint *gids_with_system_elements = env->GetIntArrayElements(gids_with_system, NULL);		bool gid_wakelock_found = false;
			if (gid == AID_WAKELOCK) {
	if (!gids_elements \|\| !gids_with_system_elements) {		gid_wakelock_found = true;
	RuntimeAbort(env, __LINE__, "could not allocate arrays for gids");		} else if (gids != NULL) {
			jsize gids_num = env->GetArrayLength(gids);
			ScopedIntArrayRO ar(env, gids);
			if (ar.get() == NULL) {
			RuntimeAbort(env, __LINE__, "Bad gids array");
	}		}
			for (int i = 0; i < gids_num; i++) {
	gids_with_system_elements[0] = AID_SYSTEM;		if (ar[i] == AID_WAKELOCK) {
	memcpy(&gids_with_system_elements[1], &gids_elements[0], length * sizeof(jint));		gid_wakelock_found = true;
			break;
	env->ReleaseIntArrayElements(gids, gids_elements, JNI_ABORT);		}
	env->ReleaseIntArrayElements(gids_with_system, gids_with_system_elements, 0);		}
	gids = gids_with_system;		}
			if (gid_wakelock_found) {
			capabilities \|= (1LL << CAP_BLOCK_SUSPEND);
	}		}

	return ForkAndSpecializeCommon(env, uid, gid, gids, debug_flags,		return ForkAndSpecializeCommon(env, uid, gid, gids, debug_flags,

data/etc/platform.xml

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -44,6 +44,7 @@

	<permission name="android.permission.BLUETOOTH_STACK" >		<permission name="android.permission.BLUETOOTH_STACK" >
	<group gid="net_bt_stack" />		<group gid="net_bt_stack" />
			<group gid="wakelock" />
	</permission>		</permission>

	<permission name="android.permission.NET_TUNNELING" >		<permission name="android.permission.NET_TUNNELING" >