Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f12af2f6 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Skip dexopt if app has preferCodeIntegrity=true 

Test: 1. adb install com.android.cts.appintegrity.apk
      2. adb shell cmd package compile -m speed -f com.android.cts.appintegrity
      3. adb shell oatdump --oat-file=$(echo /data/app/com.android.cts.appintegrity-*/oat/arm64/base.odex)
      => no code is observed in oatdump, only if preferCodeIntegrity=true
Bug: 112037137
Change-Id: Ic7defd8096ae9ccb231c3d4b5ffa3adfa4b8dfab
parent f15c4816

core/java/android/content/pm/ApplicationInfo.java

+5 −0
Original line number Diff line number Diff line
@@ -1947,6 +1947,11 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable { 
        return (privateFlags & ApplicationInfo.PRIVATE_FLAG_PRODUCT_SERVICES) != 0;

    }



    /** @hide */

    public boolean isCodeIntegrityPreferred() {

        return (privateFlags & PRIVATE_FLAG_PREFER_CODE_INTEGRITY) != 0;

    }



    /**

     * Returns whether or not this application was installed as a virtual preload.

     */

services/core/java/com/android/server/am/ProcessList.java

+1 −1
Original line number Diff line number Diff line
@@ -1362,7 +1362,7 @@ public final class ProcessList { 
                mService.mNativeDebuggingApp = null;

            }



            if ((app.info.privateFlags & ApplicationInfo.PRIVATE_FLAG_PREFER_CODE_INTEGRITY) != 0

            if (app.info.isCodeIntegrityPreferred()

                    || (app.info.isPrivilegedApp()

                        && DexManager.isPackageSelectedToRunOob(app.pkgList.mPkgList.keySet()))) {

                runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES;

services/core/java/com/android/server/pm/PackageDexOptimizer.java

+4 −2
Original line number Diff line number Diff line
@@ -509,8 +509,10 @@ public class PackageDexOptimizer { 
            boolean isUsedByOtherApps) {

        int flags = info.flags;

        boolean vmSafeMode = (flags & ApplicationInfo.FLAG_VM_SAFE_MODE) != 0;

        // When a priv app is configured to run out of box, only verify it.

        if (info.isPrivilegedApp() && DexManager.isPackageSelectedToRunOob(info.packageName)) {

        // When an app or priv app is configured to run out of box, only verify it.

        if (info.isCodeIntegrityPreferred()

                || (info.isPrivilegedApp()

                    && DexManager.isPackageSelectedToRunOob(info.packageName))) {

            return "verify";

        }

        if (vmSafeMode) {