
Commit a534c950 authored by Christian Wailes's avatar Christian Wailes Committed by Automerger Merge Worker

Merge changes I04ac8fba,Ia0a8548f am: db6628bb

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1615382

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I97994a12e2fb41db137b299c4e73cf02a1827871
parents df66b729 db6628bb
+9 −9
@@ -333,7 +333,7 @@ public class ZygoteProcess {
     *                             started.
     * @param pkgDataInfoMap Map from related package names to private data directory
     *                       volume UUID and inode number.
     * @param whitelistedDataInfoMap Map from allowlisted package names to private data directory
     * @param allowlistedDataInfoList Map from allowlisted package names to private data directory
     *                       volume UUID and inode number.
     * @param bindMountAppsData whether zygote needs to mount CE and DE data.
     * @param bindMountAppStorageDirs whether zygote needs to mount Android/obb and Android/data.
@@ -359,7 +359,7 @@ public class ZygoteProcess {
                                                  @Nullable Map<String, Pair<String, Long>>
                                                          pkgDataInfoMap,
                                                  @Nullable Map<String, Pair<String, Long>>
                                                          whitelistedDataInfoMap,
                                                          allowlistedDataInfoList,
                                                  boolean bindMountAppsData,
                                                  boolean bindMountAppStorageDirs,
                                                  @Nullable String[] zygoteArgs) {
@@ -373,7 +373,7 @@ public class ZygoteProcess {
                    runtimeFlags, mountExternal, targetSdkVersion, seInfo,
                    abi, instructionSet, appDataDir, invokeWith, /*startChildZygote=*/ false,
                    packageName, zygotePolicyFlags, isTopApp, disabledCompatChanges,
                    pkgDataInfoMap, whitelistedDataInfoMap, bindMountAppsData,
                    pkgDataInfoMap, allowlistedDataInfoList, bindMountAppsData,
                    bindMountAppStorageDirs, zygoteArgs);
        } catch (ZygoteStartFailedEx ex) {
            Log.e(LOG_TAG,
@@ -615,7 +615,7 @@ public class ZygoteProcess {
     * @param disabledCompatChanges a list of disabled compat changes for the process being started.
     * @param pkgDataInfoMap Map from related package names to private data directory volume UUID
     *                       and inode number.
     * @param whitelistedDataInfoMap Map from allowlisted package names to private data directory
     * @param allowlistedDataInfoList Map from allowlisted package names to private data directory
     *                       volume UUID and inode number.
     * @param bindMountAppsData whether zygote needs to mount CE and DE data.
     * @param bindMountAppStorageDirs whether zygote needs to mount Android/obb and Android/data.
@@ -642,7 +642,7 @@ public class ZygoteProcess {
                                                      @Nullable Map<String, Pair<String, Long>>
                                                              pkgDataInfoMap,
                                                      @Nullable Map<String, Pair<String, Long>>
                                                              whitelistedDataInfoMap,
                                                              allowlistedDataInfoList,
                                                      boolean bindMountAppsData,
                                                      boolean bindMountAppStorageDirs,
                                                      @Nullable String[] extraArgs)
@@ -733,12 +733,12 @@ public class ZygoteProcess {
            }
            argsForZygote.add(sb.toString());
        }
        if (whitelistedDataInfoMap != null && whitelistedDataInfoMap.size() > 0) {
        if (allowlistedDataInfoList != null && allowlistedDataInfoList.size() > 0) {
            StringBuilder sb = new StringBuilder();
            sb.append(Zygote.WHITELISTED_DATA_INFO_MAP);
            sb.append(Zygote.ALLOWLISTED_DATA_INFO_MAP);
            sb.append("=");
            boolean started = false;
            for (Map.Entry<String, Pair<String, Long>> entry : whitelistedDataInfoMap.entrySet()) {
            for (Map.Entry<String, Pair<String, Long>> entry : allowlistedDataInfoList.entrySet()) {
                if (started) {
                    sb.append(',');
                }
@@ -1318,7 +1318,7 @@ public class ZygoteProcess {
                    true /* startChildZygote */, null /* packageName */,
                    ZYGOTE_POLICY_FLAG_SYSTEM_PROCESS /* zygotePolicyFlags */, false /* isTopApp */,
                    null /* disabledCompatChanges */, null /* pkgDataInfoMap */,
                    null /* whitelistedDataInfoMap */, true /* bindMountAppsData*/,
                    null /* allowlistedDataInfoList */, true /* bindMountAppsData*/,
                    /* bindMountAppStorageDirs */ false, extraArgs);

        } catch (ZygoteStartFailedEx ex) {
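Review bot: The renamed parameter `allowlistedDataInfoList` is still declared as `@Nullable Map<String, Pair<String, Long>>`, is documented as "Map from allowlisted package names…", and is iterated with `.entrySet()`, so the new name misdescribes the type. Its sibling is `pkgDataInfoMap` and the flag it is serialised under is `Zygote.ALLOWLISTED_DATA_INFO_MAP`, so `allowlistedDataInfoMap` would keep the old→new rename one-to-one, e.g. `@param allowlistedDataInfoMap Map from allowlisted package names to private data directory`. This applies to both Javadoc blocks, both signatures, the call in the third hunk and the serialisation loop. The name matters here because the value feeds the zygote's app-data isolation arguments, where a reader should not have to guess whether a flat list or a keyed map is expected. The enclosing methods start and end outside the hunks shown.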
+10 −10
@@ -202,7 +202,7 @@ public final class Zygote {
    public static final String PKG_DATA_INFO_MAP = "--pkg-data-info-map";

    /** List of allowlisted packages and its app data info: volume uuid and inode. */
    public static final String WHITELISTED_DATA_INFO_MAP = "--whitelisted-data-info-map";
    public static final String ALLOWLISTED_DATA_INFO_MAP = "--allowlisted-data-info-map";

    /** Bind mount app storage dirs to lower fs not via fuse */
    public static final String BIND_MOUNT_APP_STORAGE_DIRS = "--bind-mount-storage-dirs";
@@ -324,7 +324,7 @@ public final class Zygote {
     * @param isTopApp true if the process is for top (high priority) application.
     * @param pkgDataInfoList A list that stores related packages and its app data
     * info: volume uuid and inode.
     * @param whitelistedDataInfoList Like pkgDataInfoList, but it's for allowlisted apps.
     * @param allowlistedDataInfoList Like pkgDataInfoList, but it's for allowlisted apps.
     * @param bindMountAppDataDirs  True if the zygote needs to mount data dirs.
     * @param bindMountAppStorageDirs  True if the zygote needs to mount storage dirs.
     *
@@ -334,14 +334,14 @@ public final class Zygote {
    static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags,
            int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,
            int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir,
            boolean isTopApp, String[] pkgDataInfoList, String[] whitelistedDataInfoList,
            boolean isTopApp, String[] pkgDataInfoList, String[] allowlistedDataInfoList,
            boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs) {
        ZygoteHooks.preFork();

        int pid = nativeForkAndSpecialize(
                uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo, niceName, fdsToClose,
                fdsToIgnore, startChildZygote, instructionSet, appDataDir, isTopApp,
                pkgDataInfoList, whitelistedDataInfoList, bindMountAppDataDirs,
                pkgDataInfoList, allowlistedDataInfoList, bindMountAppDataDirs,
                bindMountAppStorageDirs);
        if (pid == 0) {
            // Note that this event ends at the end of handleChildProc,
@@ -364,7 +364,7 @@ public final class Zygote {
            int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName,
            int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet,
            String appDataDir, boolean isTopApp, String[] pkgDataInfoList,
            String[] whitelistedDataInfoList, boolean bindMountAppDataDirs,
            String[] allowlistedDataInfoList, boolean bindMountAppDataDirs,
            boolean bindMountAppStorageDirs);

    /**
@@ -392,18 +392,18 @@ public final class Zygote {
     * volume uuid and CE dir inode. For example, pkgDataInfoList = [app_a_pkg_name,
     * app_a_data_volume_uuid, app_a_ce_inode, app_b_pkg_name, app_b_data_volume_uuid,
     * app_b_ce_inode, ...];
     * @param whitelistedDataInfoList Like pkgDataInfoList, but it's for allowlisted apps.
     * @param allowlistedDataInfoList Like pkgDataInfoList, but it's for allowlisted apps.
     * @param bindMountAppDataDirs  True if the zygote needs to mount data dirs.
     * @param bindMountAppStorageDirs  True if the zygote needs to mount storage dirs.
     */
    private static void specializeAppProcess(int uid, int gid, int[] gids, int runtimeFlags,
            int[][] rlimits, int mountExternal, String seInfo, String niceName,
            boolean startChildZygote, String instructionSet, String appDataDir, boolean isTopApp,
            String[] pkgDataInfoList, String[] whitelistedDataInfoList,
            String[] pkgDataInfoList, String[] allowlistedDataInfoList,
            boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs) {
        nativeSpecializeAppProcess(uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo,
                niceName, startChildZygote, instructionSet, appDataDir, isTopApp,
                pkgDataInfoList, whitelistedDataInfoList,
                pkgDataInfoList, allowlistedDataInfoList,
                bindMountAppDataDirs, bindMountAppStorageDirs);

        // Note that this event ends at the end of handleChildProc.
@@ -428,7 +428,7 @@ public final class Zygote {
    private static native void nativeSpecializeAppProcess(int uid, int gid, int[] gids,
            int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName,
            boolean startChildZygote, String instructionSet, String appDataDir, boolean isTopApp,
            String[] pkgDataInfoList, String[] whitelistedDataInfoList,
            String[] pkgDataInfoList, String[] allowlistedDataInfoList,
            boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs);

    /**
@@ -807,7 +807,7 @@ public final class Zygote {
                                 args.mRuntimeFlags, rlimits, args.mMountExternal,
                                 args.mSeInfo, args.mNiceName, args.mStartChildZygote,
                                 args.mInstructionSet, args.mAppDataDir, args.mIsTopApp,
                                 args.mPkgDataInfoList, args.mWhitelistedDataInfoList,
                                 args.mPkgDataInfoList, args.mAllowlistedDataInfoList,
                                 args.mBindMountAppDataDirs, args.mBindMountAppStorageDirs);

            Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
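Review bot: In the first hunk the value of the constant changes, not only its name: the zygote command argument goes from `"--whitelisted-data-info-map"` to `"--allowlisted-data-info-map"`. The in-tree sender (`ZygoteProcess`) and parser (`ZygoteArguments`) both use the constant and stay in sync, but anything that writes the old literal would no longer match the parser's `startsWith(Zygote.ALLOWLISTED_DATA_INFO_MAP)` branch. The allowlisted list would then presumably stay null, and that list is an input to `isolateAppData`; how the parser treats an unrecognised argument is not visible on this page. I would record this on the constant, e.g. `/** Wire-format flag of the zygote command protocol; ZygoteProcess (sender) and ZygoteArguments (parser) must change together. */`, and confirm no other component emits the old string.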
+3 −3
@@ -230,7 +230,7 @@ class ZygoteArguments {
     * A list that stores all allowlisted app data info: volume uuid and inode.
     * Null if it does need to do app data isolation.
     */
    String[] mWhitelistedDataInfoList;
    String[] mAllowlistedDataInfoList;

    /**
     * @see Zygote#BIND_MOUNT_APP_STORAGE_DIRS
@@ -475,8 +475,8 @@ class ZygoteArguments {
                }
            } else if (arg.startsWith(Zygote.PKG_DATA_INFO_MAP)) {
                mPkgDataInfoList = getAssignmentList(arg);
            } else if (arg.startsWith(Zygote.WHITELISTED_DATA_INFO_MAP)) {
                mWhitelistedDataInfoList = getAssignmentList(arg);
            } else if (arg.startsWith(Zygote.ALLOWLISTED_DATA_INFO_MAP)) {
                mAllowlistedDataInfoList = getAssignmentList(arg);
            } else if (arg.equals(Zygote.BIND_MOUNT_APP_STORAGE_DIRS)) {
                mBindMountAppStorageDirs = true;
            } else if (arg.equals(Zygote.BIND_MOUNT_APP_DATA_DIRS)) {
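Review bot: The Javadoc on the renamed field `mAllowlistedDataInfoList` still reads "Null if it does need to do app data isolation", which looks inverted. The native side on this page passes `nullptr` for the system server because it "does not need data isolation", so the line presumably should be `* Null if app data isolation is not needed.`; please confirm the intent and fix it while the field is being touched. Separately, the second hunk matches the flag with `arg.startsWith(Zygote.ALLOWLISTED_DATA_INFO_MAP)`, which accepts any argument that merely begins with that text. The sender always appends `=` after the constant, so matching on `Zygote.ALLOWLISTED_DATA_INFO_MAP + "="` (and the same for `PKG_DATA_INFO_MAP`) would be stricter. `getAssignmentList` is outside the hunk, so how it handles a missing `=` cannot be checked from here.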
+1 −1
@@ -265,7 +265,7 @@ class ZygoteConnection {
                            fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote,
                            parsedArgs.mInstructionSet, parsedArgs.mAppDataDir,
                            parsedArgs.mIsTopApp, parsedArgs.mPkgDataInfoList,
                            parsedArgs.mWhitelistedDataInfoList, parsedArgs.mBindMountAppDataDirs,
                            parsedArgs.mAllowlistedDataInfoList, parsedArgs.mBindMountAppDataDirs,
                            parsedArgs.mBindMountAppStorageDirs);

                    try {
+232 −237
@@ -1400,14 +1400,13 @@ static void insertPackagesToMergedList(JNIEnv* env,
}

static void isolateAppData(JNIEnv* env, jobjectArray pkg_data_info_list,
    jobjectArray whitelisted_data_info_list, uid_t uid, const char* process_name,
    jstring managed_nice_name, fail_fn_t fail_fn) {

                           jobjectArray allowlisted_data_info_list, uid_t uid,
                           const char* process_name, jstring managed_nice_name, fail_fn_t fail_fn) {
    std::vector<std::string> merged_data_info_list;
  insertPackagesToMergedList(env, merged_data_info_list, pkg_data_info_list,
          process_name, managed_nice_name, fail_fn);
  insertPackagesToMergedList(env, merged_data_info_list, whitelisted_data_info_list,
          process_name, managed_nice_name, fail_fn);
    insertPackagesToMergedList(env, merged_data_info_list, pkg_data_info_list, process_name,
                               managed_nice_name, fail_fn);
    insertPackagesToMergedList(env, merged_data_info_list, allowlisted_data_info_list, process_name,
                               managed_nice_name, fail_fn);

    isolateAppData(env, merged_data_info_list, uid, process_name, managed_nice_name, fail_fn);
}
@@ -1510,16 +1509,15 @@ static void BindMountStorageDirs(JNIEnv* env, jobjectArray pkg_data_info_list,
}

// Utility routine to specialize a zygote child process.
static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
                             jint runtime_flags, jobjectArray rlimits,
                             jlong permitted_capabilities, jlong effective_capabilities,
                             jint mount_external, jstring managed_se_info,
                             jstring managed_nice_name, bool is_system_server,
                             bool is_child_zygote, jstring managed_instruction_set,
                             jstring managed_app_data_dir, bool is_top_app,
                             jobjectArray pkg_data_info_list,
                             jobjectArray whitelisted_data_info_list,
                             bool mount_data_dirs, bool mount_storage_dirs) {
static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, jint runtime_flags,
                             jobjectArray rlimits, jlong permitted_capabilities,
                             jlong effective_capabilities, jint mount_external,
                             jstring managed_se_info, jstring managed_nice_name,
                             bool is_system_server, bool is_child_zygote,
                             jstring managed_instruction_set, jstring managed_app_data_dir,
                             bool is_top_app, jobjectArray pkg_data_info_list,
                             jobjectArray allowlisted_data_info_list, bool mount_data_dirs,
                             bool mount_storage_dirs) {
    const char* process_name = is_system_server ? "system_server" : "zygote";
    auto fail_fn = std::bind(ZygoteFailure, env, process_name, managed_nice_name, _1);
    auto extract_fn = std::bind(ExtractJString, env, process_name, managed_nice_name, _1);
@@ -1538,9 +1536,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,

    DropCapabilitiesBoundingSet(fail_fn);

  bool need_pre_initialize_native_bridge =
      !is_system_server &&
      instruction_set.has_value() &&
    bool need_pre_initialize_native_bridge = !is_system_server && instruction_set.has_value() &&
            android::NativeBridgeAvailable() &&
            // Native bridge may be already initialized if this
            // is an app forked from app-zygote.
@@ -1555,15 +1551,16 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
    // Sandbox data and jit profile directories by overlaying a tmpfs on those dirs and bind
    // mount all related packages separately.
    if (mount_data_dirs) {
    isolateAppData(env, pkg_data_info_list, whitelisted_data_info_list,
            uid, process_name, managed_nice_name, fail_fn);
        isolateAppData(env, pkg_data_info_list, allowlisted_data_info_list, uid, process_name,
                       managed_nice_name, fail_fn);
        isolateJitProfile(env, pkg_data_info_list, uid, process_name, managed_nice_name, fail_fn);
    }
    // MOUNT_EXTERNAL_INSTALLER, MOUNT_EXTERNAL_PASS_THROUGH, MOUNT_EXTERNAL_ANDROID_WRITABLE apps
    // will have mount_storage_dirs == false here (set by ProcessList.needsStorageDataIsolation()),
    // and hence they won't bind mount storage dirs.
    if (mount_storage_dirs) {
    BindMountStorageDirs(env, pkg_data_info_list, uid, process_name, managed_nice_name, fail_fn);
        BindMountStorageDirs(env, pkg_data_info_list, uid, process_name, managed_nice_name,
                             fail_fn);
    }

    // If this zygote isn't root, it won't be able to create a process group,
@@ -1583,8 +1580,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
    if (need_pre_initialize_native_bridge) {
        // Due to the logic behind need_pre_initialize_native_bridge we know that
        // instruction_set contains a value.
    android::PreInitializeNativeBridge(
        app_data_dir.has_value() ? app_data_dir.value().c_str() : nullptr,
        android::PreInitializeNativeBridge(app_data_dir.has_value() ? app_data_dir.value().c_str()
                                                                    : nullptr,
                                           instruction_set.value().c_str());
    }

@@ -1656,7 +1653,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
    }
    mallopt(M_BIONIC_SET_HEAP_TAGGING_LEVEL, heap_tagging_level);

  // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART runtime.
    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
    // runtime.
    runtime_flags &= ~RuntimeFlags::MEMORY_TAG_LEVEL_MASK;

    // Avoid heap zero initialization for applications without MTE. Zero init may
@@ -1668,7 +1666,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
        mallopt(M_BIONIC_ZERO_INIT, 0);
    }

  // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART runtime.
    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
    // runtime.
    runtime_flags &= ~RuntimeFlags::NATIVE_HEAP_ZERO_INIT;

    bool forceEnableGwpAsan = false;
@@ -1682,7 +1681,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
        case RuntimeFlags::GWP_ASAN_LEVEL_LOTTERY:
            android_mallopt(M_INITIALIZE_GWP_ASAN, &forceEnableGwpAsan, sizeof(forceEnableGwpAsan));
    }
  // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART runtime.
    // Now that we've used the flag, clear it so that we don't pass unknown flags to the ART
    // runtime.
    runtime_flags &= ~RuntimeFlags::GWP_ASAN_LEVEL_MASK;

    if (NeedsNoRandomizeWorkaround()) {
@@ -1694,7 +1694,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
        }
    }

  SetCapabilities(permitted_capabilities, effective_capabilities, permitted_capabilities, fail_fn);
    SetCapabilities(permitted_capabilities, effective_capabilities, permitted_capabilities,
                    fail_fn);

    __android_log_close();
    AStatsSocket_close();
@@ -1703,8 +1704,8 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
    const char* nice_name_ptr = nice_name.has_value() ? nice_name.value().c_str() : nullptr;

    if (selinux_android_setcontext(uid, is_system_server, se_info_ptr, nice_name_ptr) == -1) {
    fail_fn(CREATE_ERROR("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed",
                         uid, is_system_server, se_info_ptr, nice_name_ptr));
        fail_fn(CREATE_ERROR("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed", uid,
                             is_system_server, se_info_ptr, nice_name_ptr));
    }

    // Make it easier to debug audit logs by setting the main thread's name to the
@@ -1724,7 +1725,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
            fail_fn("Error calling post fork system server hooks.");
        }

    // TODO(oth): Remove hardcoded label here (b/117874058).
        // TODO(b/117874058): Remove hardcoded label here.
        static const char* kSystemServerLabel = "u:r:system_server:s0";
        if (selinux_android_setcon(kSystemServerLabel) != 0) {
            fail_fn(CREATE_ERROR("selinux_android_setcon(%s)", kSystemServerLabel));
@@ -2068,12 +2069,11 @@ static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jcl

NO_PAC_FUNC
static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids,
        jint runtime_flags, jobjectArray rlimits,
        jint mount_external, jstring se_info, jstring nice_name,
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,
        jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,
        jintArray managed_fds_to_close, jintArray managed_fds_to_ignore, jboolean is_child_zygote,
        jstring instruction_set, jstring app_data_dir, jboolean is_top_app,
        jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list,
        jobjectArray pkg_data_info_list, jobjectArray allowlisted_data_info_list,
        jboolean mount_data_dirs, jboolean mount_storage_dirs) {
    jlong capabilities = CalculateCapabilities(env, uid, gid, gids, is_child_zygote);

@@ -2108,13 +2108,10 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
    pid_t pid = zygote::ForkCommon(env, false, fds_to_close, fds_to_ignore, true);

    if (pid == 0) {
      SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits,
                       capabilities, capabilities,
                       mount_external, se_info, nice_name, false,
                       is_child_zygote == JNI_TRUE, instruction_set, app_data_dir,
                       is_top_app == JNI_TRUE, pkg_data_info_list,
                       whitelisted_data_info_list,
                       mount_data_dirs == JNI_TRUE,
        SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, capabilities, capabilities,
                         mount_external, se_info, nice_name, false, is_child_zygote == JNI_TRUE,
                         instruction_set, app_data_dir, is_top_app == JNI_TRUE, pkg_data_info_list,
                         allowlisted_data_info_list, mount_data_dirs == JNI_TRUE,
                         mount_storage_dirs == JNI_TRUE);
    }
    return pid;
@@ -2147,12 +2144,11 @@ static jint com_android_internal_os_Zygote_nativeForkSystemServer(
  if (pid == 0) {
      // System server prcoess does not need data isolation so no need to
      // know pkg_data_info_list.
      SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits,
                       permitted_capabilities, effective_capabilities,
                       MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true,
      SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, permitted_capabilities,
                       effective_capabilities, MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true,
                       false, nullptr, nullptr, /* is_top_app= */ false,
                       /* pkg_data_info_list */ nullptr,
                       /* whitelisted_data_info_list */ nullptr, false, false);
                       /* allowlisted_data_info_list */ nullptr, false, false);
  } else if (pid > 0) {
      // The zygote process checks whether the child process has died or not.
      ALOGI("System server process %d has been created", pid);
@@ -2260,7 +2256,7 @@ static void com_android_internal_os_Zygote_nativeAllowFileAcrossFork(
    if (!path_cstr) {
        RuntimeAbort(env, __LINE__, "path_cstr == nullptr");
    }
    FileDescriptorWhitelist::Get()->Allow(path_cstr);
    FileDescriptorAllowlist::Get()->Allow(path_cstr);
}

static void com_android_internal_os_Zygote_nativeInstallSeccompUidGidFilter(
@@ -2295,20 +2291,19 @@ static void com_android_internal_os_Zygote_nativeInstallSeccompUidGidFilter(
 * @param is_top_app  If the process is for top (high priority) application
 */
static void com_android_internal_os_Zygote_nativeSpecializeAppProcess(
    JNIEnv* env, jclass, jint uid, jint gid, jintArray gids,
    jint runtime_flags, jobjectArray rlimits,
    jint mount_external, jstring se_info, jstring nice_name,
    jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app,
    jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list,
    jboolean mount_data_dirs, jboolean mount_storage_dirs) {
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,
        jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,
        jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir,
        jboolean is_top_app, jobjectArray pkg_data_info_list,
        jobjectArray allowlisted_data_info_list, jboolean mount_data_dirs,
        jboolean mount_storage_dirs) {
    jlong capabilities = CalculateCapabilities(env, uid, gid, gids, is_child_zygote);

  SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits,
                   capabilities, capabilities,
                   mount_external, se_info, nice_name, false,
                   is_child_zygote == JNI_TRUE, instruction_set, app_data_dir,
                   is_top_app == JNI_TRUE, pkg_data_info_list, whitelisted_data_info_list,
                   mount_data_dirs == JNI_TRUE, mount_storage_dirs == JNI_TRUE);
    SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, capabilities, capabilities,
                     mount_external, se_info, nice_name, false, is_child_zygote == JNI_TRUE,
                     instruction_set, app_data_dir, is_top_app == JNI_TRUE, pkg_data_info_list,
                     allowlisted_data_info_list, mount_data_dirs == JNI_TRUE,
                     mount_storage_dirs == JNI_TRUE);
}

/**