Merge "Revert "Revert "Do not mount whitelisted package in storage data and... (afef06a0) · Commits · e / os / android_frameworks_base

core/java/android/os/Process.java

+10 −2

Original line number	Diff line number	Diff line
		@@ -607,6 +607,9 @@ public class Process {
		* started.
		* @param pkgDataInfoMap Map from related package names to private data directory
		* volume UUID and inode number.
		* @param whitelistedDataInfoMap Map from whitelisted package names to private data directory
		* volume UUID and inode number.
		* @param bindMountAppsData whether zygote needs to mount CE and DE data.
		* @param bindMountAppStorageDirs whether zygote needs to mount Android/obb and Android/data.
		* @param zygoteArgs Additional arguments to supply to the zygote process.
		* @return An object that describes the result of the attempt to start the process.
		@@ -631,13 +634,17 @@ public class Process {
		@Nullable long[] disabledCompatChanges,
		@Nullable Map<String, Pair<String, Long>>
		pkgDataInfoMap,
		@Nullable Map<String, Pair<String, Long>>
		whitelistedDataInfoMap,
		boolean bindMountAppsData,
		boolean bindMountAppStorageDirs,
		@Nullable String[] zygoteArgs) {
		return ZYGOTE_PROCESS.start(processClass, niceName, uid, gid, gids,
		runtimeFlags, mountExternal, targetSdkVersion, seInfo,
		abi, instructionSet, appDataDir, invokeWith, packageName,
		zygotePolicyFlags, isTopApp, disabledCompatChanges,
		pkgDataInfoMap, bindMountAppStorageDirs, zygoteArgs);
		pkgDataInfoMap, whitelistedDataInfoMap, bindMountAppsData,
		bindMountAppStorageDirs, zygoteArgs);
		}

		/** @hide */
		@@ -661,7 +668,8 @@ public class Process {
		runtimeFlags, mountExternal, targetSdkVersion, seInfo,
		abi, instructionSet, appDataDir, invokeWith, packageName,
		/zygotePolicyFlags=/ ZYGOTE_POLICY_FLAG_EMPTY, /isTopApp=/ false,
		disabledCompatChanges, /* pkgDataInfoMap */ null, false, zygoteArgs);
		disabledCompatChanges, /* pkgDataInfoMap */ null,
		/* whitelistedDataInfoMap */ null, false, false, zygoteArgs);
		}

		/**

core/java/android/os/ZygoteProcess.java

+37 −1

Original line number	Diff line number	Diff line
		@@ -333,6 +333,9 @@ public class ZygoteProcess {
		* started.
		* @param pkgDataInfoMap Map from related package names to private data directory
		* volume UUID and inode number.
		* @param whitelistedDataInfoMap Map from whitelisted package names to private data directory
		* volume UUID and inode number.
		* @param bindMountAppsData whether zygote needs to mount CE and DE data.
		* @param bindMountAppStorageDirs whether zygote needs to mount Android/obb and Android/data.
		*
		* @param zygoteArgs Additional arguments to supply to the Zygote process.
		@@ -355,6 +358,9 @@ public class ZygoteProcess {
		@Nullable long[] disabledCompatChanges,
		@Nullable Map<String, Pair<String, Long>>
		pkgDataInfoMap,
		@Nullable Map<String, Pair<String, Long>>
		whitelistedDataInfoMap,
		boolean bindMountAppsData,
		boolean bindMountAppStorageDirs,
		@Nullable String[] zygoteArgs) {
		// TODO (chriswailes): Is there a better place to check this value?
		@@ -367,7 +373,8 @@ public class ZygoteProcess {
		runtimeFlags, mountExternal, targetSdkVersion, seInfo,
		abi, instructionSet, appDataDir, invokeWith, /startChildZygote=/ false,
		packageName, zygotePolicyFlags, isTopApp, disabledCompatChanges,
		pkgDataInfoMap, bindMountAppStorageDirs, zygoteArgs);
		pkgDataInfoMap, whitelistedDataInfoMap, bindMountAppsData,
		bindMountAppStorageDirs, zygoteArgs);
		} catch (ZygoteStartFailedEx ex) {
		Log.e(LOG_TAG,
		"Starting VM process through Zygote failed");
		@@ -608,6 +615,9 @@ public class ZygoteProcess {
		* @param disabledCompatChanges a list of disabled compat changes for the process being started.
		* @param pkgDataInfoMap Map from related package names to private data directory volume UUID
		* and inode number.
		* @param whitelistedDataInfoMap Map from whitelisted package names to private data directory
		* volume UUID and inode number.
		* @param bindMountAppsData whether zygote needs to mount CE and DE data.
		* @param bindMountAppStorageDirs whether zygote needs to mount Android/obb and Android/data.
		* @param extraArgs Additional arguments to supply to the zygote process.
		* @return An object that describes the result of the attempt to start the process.
		@@ -631,6 +641,9 @@ public class ZygoteProcess {
		@Nullable long[] disabledCompatChanges,
		@Nullable Map<String, Pair<String, Long>>
		pkgDataInfoMap,
		@Nullable Map<String, Pair<String, Long>>
		whitelistedDataInfoMap,
		boolean bindMountAppsData,
		boolean bindMountAppStorageDirs,
		@Nullable String[] extraArgs)
		throws ZygoteStartFailedEx {
		@@ -728,11 +741,33 @@ public class ZygoteProcess {
		}
		argsForZygote.add(sb.toString());
		}
		if (whitelistedDataInfoMap != null && whitelistedDataInfoMap.size() > 0) {
		StringBuilder sb = new StringBuilder();
		sb.append(Zygote.WHITELISTED_DATA_INFO_MAP);
		sb.append("=");
		boolean started = false;
		for (Map.Entry<String, Pair<String, Long>> entry : whitelistedDataInfoMap.entrySet()) {
		if (started) {
		sb.append(',');
		}
		started = true;
		sb.append(entry.getKey());
		sb.append(',');
		sb.append(entry.getValue().first);
		sb.append(',');
		sb.append(entry.getValue().second);
		}
		argsForZygote.add(sb.toString());
		}

		if (bindMountAppStorageDirs) {
		argsForZygote.add(Zygote.BIND_MOUNT_APP_STORAGE_DIRS);
		}

		if (bindMountAppsData) {
		argsForZygote.add(Zygote.BIND_MOUNT_APP_DATA_DIRS);
		}

		if (disabledCompatChanges != null && disabledCompatChanges.length > 0) {
		StringBuilder sb = new StringBuilder();
		sb.append("--disabled-compat-changes=");
		@@ -1291,6 +1326,7 @@ public class ZygoteProcess {
		true /* startChildZygote /, null / packageName */,
		ZYGOTE_POLICY_FLAG_SYSTEM_PROCESS /* zygotePolicyFlags /, false / isTopApp */,
		null /* disabledCompatChanges /, null / pkgDataInfoMap */,
		null /* whitelistedDataInfoMap /, false / bindMountAppsData*/,
		/* bindMountAppStorageDirs */ false, extraArgs);

		} catch (ZygoteStartFailedEx ex) {

core/java/com/android/internal/os/Zygote.java

+23 −6

Original line number	Diff line number	Diff line
		@@ -205,9 +205,15 @@ public final class Zygote {
		/** List of packages with the same uid, and its app data info: volume uuid and inode. */
		public static final String PKG_DATA_INFO_MAP = "--pkg-data-info-map";

		/** List of whitelisted packages and its app data info: volume uuid and inode. */
		public static final String WHITELISTED_DATA_INFO_MAP = "--whitelisted-data-info-map";

		/** Bind mount app storage dirs to lower fs not via fuse */
		public static final String BIND_MOUNT_APP_STORAGE_DIRS = "--bind-mount-storage-dirs";

		/** Bind mount app storage dirs to lower fs not via fuse */
		public static final String BIND_MOUNT_APP_DATA_DIRS = "--bind-mount-data-dirs";

		/**
		* An extraArg passed when a zygote process is forking a child-zygote, specifying a name
		* in the abstract socket namespace. This socket name is what the new child zygote
		@@ -313,6 +319,8 @@ public final class Zygote {
		* @param isTopApp true if the process is for top (high priority) application.
		* @param pkgDataInfoList A list that stores related packages and its app data
		* info: volume uuid and inode.
		* @param whitelistedDataInfoList Like pkgDataInfoList, but it's for whitelisted apps.
		* @param bindMountAppDataDirs True if the zygote needs to mount data dirs.
		* @param bindMountAppStorageDirs True if the zygote needs to mount storage dirs.
		*
		* @return 0 if this is the child, pid of the child
		@@ -321,13 +329,15 @@ public final class Zygote {
		static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags,
		int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,
		int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir,
		boolean isTopApp, String[] pkgDataInfoList, boolean bindMountAppStorageDirs) {
		boolean isTopApp, String[] pkgDataInfoList, String[] whitelistedDataInfoList,
		boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs) {
		ZygoteHooks.preFork();

		int pid = nativeForkAndSpecialize(
		uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo, niceName, fdsToClose,
		fdsToIgnore, startChildZygote, instructionSet, appDataDir, isTopApp,
		pkgDataInfoList, bindMountAppStorageDirs);
		pkgDataInfoList, whitelistedDataInfoList, bindMountAppDataDirs,
		bindMountAppStorageDirs);
		if (pid == 0) {
		// Note that this event ends at the end of handleChildProc,
		Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "PostFork");
		@@ -344,6 +354,7 @@ public final class Zygote {
		int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName,
		int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet,
		String appDataDir, boolean isTopApp, String[] pkgDataInfoList,
		String[] whitelistedDataInfoList, boolean bindMountAppDataDirs,
		boolean bindMountAppStorageDirs);

		/**
		@@ -371,15 +382,19 @@ public final class Zygote {
		* volume uuid and CE dir inode. For example, pkgDataInfoList = [app_a_pkg_name,
		* app_a_data_volume_uuid, app_a_ce_inode, app_b_pkg_name, app_b_data_volume_uuid,
		* app_b_ce_inode, ...];
		* @param whitelistedDataInfoList Like pkgDataInfoList, but it's for whitelisted apps.
		* @param bindMountAppDataDirs True if the zygote needs to mount data dirs.
		* @param bindMountAppStorageDirs True if the zygote needs to mount storage dirs.
		*/
		private static void specializeAppProcess(int uid, int gid, int[] gids, int runtimeFlags,
		int[][] rlimits, int mountExternal, String seInfo, String niceName,
		boolean startChildZygote, String instructionSet, String appDataDir, boolean isTopApp,
		String[] pkgDataInfoList, boolean bindMountAppStorageDirs) {
		String[] pkgDataInfoList, String[] whitelistedDataInfoList,
		boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs) {
		nativeSpecializeAppProcess(uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo,
		niceName, startChildZygote, instructionSet, appDataDir, isTopApp,
		pkgDataInfoList, bindMountAppStorageDirs);
		pkgDataInfoList, whitelistedDataInfoList,
		bindMountAppDataDirs, bindMountAppStorageDirs);

		// Note that this event ends at the end of handleChildProc.
		Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "PostFork");
		@@ -399,7 +414,8 @@ public final class Zygote {
		private static native void nativeSpecializeAppProcess(int uid, int gid, int[] gids,
		int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName,
		boolean startChildZygote, String instructionSet, String appDataDir, boolean isTopApp,
		String[] pkgDataInfoList, boolean bindMountAppStorageDirs);
		String[] pkgDataInfoList, String[] whitelistedDataInfoList,
		boolean bindMountAppDataDirs, boolean bindMountAppStorageDirs);

		/**
		* Called to do any initialization before starting an application.
		@@ -724,7 +740,8 @@ public final class Zygote {
		args.mRuntimeFlags, rlimits, args.mMountExternal,
		args.mSeInfo, args.mNiceName, args.mStartChildZygote,
		args.mInstructionSet, args.mAppDataDir, args.mIsTopApp,
		args.mPkgDataInfoList, args.mBindMountAppStorageDirs);
		args.mPkgDataInfoList, args.mWhitelistedDataInfoList,
		args.mBindMountAppDataDirs, args.mBindMountAppStorageDirs);

		Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);

core/java/com/android/internal/os/ZygoteArguments.java

+15 −0

Original line number	Diff line number	Diff line
		@@ -226,11 +226,22 @@ class ZygoteArguments {
		*/
		String[] mPkgDataInfoList;

		/**
		* A list that stores all whitelisted app data info: volume uuid and inode.
		* Null if it does need to do app data isolation.
		*/
		String[] mWhitelistedDataInfoList;

		/**
		* @see Zygote#BIND_MOUNT_APP_STORAGE_DIRS
		*/
		boolean mBindMountAppStorageDirs;

		/**
		* @see Zygote#BIND_MOUNT_APP_DATA_DIRS
		*/
		boolean mBindMountAppDataDirs;

		/**
		* Constructs instance and parses args
		*
		@@ -452,8 +463,12 @@ class ZygoteArguments {
		}
		} else if (arg.startsWith(Zygote.PKG_DATA_INFO_MAP)) {
		mPkgDataInfoList = getAssignmentList(arg);
		} else if (arg.startsWith(Zygote.WHITELISTED_DATA_INFO_MAP)) {
		mWhitelistedDataInfoList = getAssignmentList(arg);
		} else if (arg.equals(Zygote.BIND_MOUNT_APP_STORAGE_DIRS)) {
		mBindMountAppStorageDirs = true;
		} else if (arg.equals(Zygote.BIND_MOUNT_APP_DATA_DIRS)) {
		mBindMountAppDataDirs = true;
		} else {
		break;
		}

core/java/com/android/internal/os/ZygoteConnection.java

+2 −1

Original line number	Diff line number	Diff line
		@@ -258,7 +258,8 @@ class ZygoteConnection {
		parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo,
		parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote,
		parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mIsTopApp,
		parsedArgs.mPkgDataInfoList, parsedArgs.mBindMountAppStorageDirs);
		parsedArgs.mPkgDataInfoList, parsedArgs.mWhitelistedDataInfoList,
		parsedArgs.mBindMountAppDataDirs, parsedArgs.mBindMountAppStorageDirs);

		try {
		if (pid == 0) {