Loading cmds/installd/InstalldNativeService.cpp +12 −0 Original line number Diff line number Diff line Loading @@ -2582,5 +2582,17 @@ binder::Status InstalldNativeService::isQuotaSupported( return ok(); } binder::Status InstalldNativeService::prepareAppProfile(const std::string& packageName, int32_t userId, int32_t appId, const std::string& profileName, const std::string& codePath, const std::unique_ptr<std::string>& dexMetadata, bool* _aidl_return) { ENFORCE_UID(AID_SYSTEM); CHECK_ARGUMENT_PACKAGE_NAME(packageName); std::lock_guard<std::recursive_mutex> lock(mLock); *_aidl_return = prepare_app_profile(packageName, userId, appId, profileName, codePath, dexMetadata); return ok(); } } // namespace installd } // namespace android cmds/installd/InstalldNativeService.h +5 −0 Original line number Diff line number Diff line Loading @@ -133,6 +133,11 @@ public: binder::Status isQuotaSupported(const std::unique_ptr<std::string>& volumeUuid, bool* _aidl_return); binder::Status prepareAppProfile(const std::string& packageName, int32_t userId, int32_t appId, const std::string& profileName, const std::string& codePath, const std::unique_ptr<std::string>& dexMetadata, bool* _aidl_return); private: std::recursive_mutex mLock; Loading cmds/installd/binder/android/os/IInstalld.aidl +4 −0 Original line number Diff line number Diff line Loading @@ -93,4 +93,8 @@ interface IInstalld { void invalidateMounts(); boolean isQuotaSupported(@nullable @utf8InCpp String uuid); boolean prepareAppProfile(@utf8InCpp String packageName, int userId, int appId, @utf8InCpp String profileName, @utf8InCpp String codePath, @nullable @utf8InCpp String dexMetadata); } cmds/installd/dexopt.cpp +50 −0 Original line number Diff line number Diff line Loading @@ -2479,5 +2479,55 @@ bool create_profile_snapshot(int32_t app_id, const std::string& package_name, return true; } bool prepare_app_profile(const std::string& package_name, userid_t user_id, appid_t app_id, const std::string& profile_name, const std::string& code_path ATTRIBUTE_UNUSED, const std::unique_ptr<std::string>& dex_metadata) { // Prepare the current profile. std::string cur_profile = create_current_profile_path(user_id, package_name, profile_name, /*is_secondary_dex*/ false); uid_t uid = multiuser_get_uid(user_id, app_id); if (fs_prepare_file_strict(cur_profile.c_str(), 0600, uid, uid) != 0) { PLOG(ERROR) << "Failed to prepare " << cur_profile; return false; } // Check if we need to install the profile from the dex metadata. if (dex_metadata == nullptr) { return true; } // We have a dex metdata. Merge the profile into the reference profile. unique_fd ref_profile_fd = open_reference_profile(uid, package_name, profile_name, /*read_write*/ true, /*is_secondary_dex*/ false); unique_fd dex_metadata_fd(TEMP_FAILURE_RETRY( open(dex_metadata->c_str(), O_RDONLY | O_NOFOLLOW))); std::vector<unique_fd> profiles_fd; profiles_fd.push_back(std::move(dex_metadata_fd)); pid_t pid = fork(); if (pid == 0) { /* child -- drop privileges before continuing */ gid_t app_shared_gid = multiuser_get_shared_gid(user_id, app_id); drop_capabilities(app_shared_gid); // TODO(calin): the dex metadata profile might embed different names for the // same code path (e.g. YouTube.apk or base.apk, depending on how the initial // profile was captured). We should pass the code path to adjust the names in the profile. run_profman_merge(profiles_fd, ref_profile_fd); exit(42); /* only get here on exec failure */ } /* parent */ int return_code = wait_child(pid); if (!WIFEXITED(return_code)) { PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name; return false; } return true; } } // namespace installd } // namespace android cmds/installd/dexopt.h +11 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,17 @@ bool copy_system_profile(const std::string& system_profile, const std::string& pkgname, const std::string& profile_name); // Prepare the app profile for the given code path: // - create the current profile using profile_name // - merge the profile from the dex metadata file (if present) into // the reference profile. bool prepare_app_profile(const std::string& package_name, userid_t user_id, appid_t app_id, const std::string& profile_name, const std::string& code_path, const std::unique_ptr<std::string>& dex_metadata); bool delete_odex(const char* apk_path, const char* instruction_set, const char* output_path); bool reconcile_secondary_dex_file(const std::string& dex_path, Loading Loading
cmds/installd/InstalldNativeService.cpp +12 −0 Original line number Diff line number Diff line Loading @@ -2582,5 +2582,17 @@ binder::Status InstalldNativeService::isQuotaSupported( return ok(); } binder::Status InstalldNativeService::prepareAppProfile(const std::string& packageName, int32_t userId, int32_t appId, const std::string& profileName, const std::string& codePath, const std::unique_ptr<std::string>& dexMetadata, bool* _aidl_return) { ENFORCE_UID(AID_SYSTEM); CHECK_ARGUMENT_PACKAGE_NAME(packageName); std::lock_guard<std::recursive_mutex> lock(mLock); *_aidl_return = prepare_app_profile(packageName, userId, appId, profileName, codePath, dexMetadata); return ok(); } } // namespace installd } // namespace android
cmds/installd/InstalldNativeService.h +5 −0 Original line number Diff line number Diff line Loading @@ -133,6 +133,11 @@ public: binder::Status isQuotaSupported(const std::unique_ptr<std::string>& volumeUuid, bool* _aidl_return); binder::Status prepareAppProfile(const std::string& packageName, int32_t userId, int32_t appId, const std::string& profileName, const std::string& codePath, const std::unique_ptr<std::string>& dexMetadata, bool* _aidl_return); private: std::recursive_mutex mLock; Loading
cmds/installd/binder/android/os/IInstalld.aidl +4 −0 Original line number Diff line number Diff line Loading @@ -93,4 +93,8 @@ interface IInstalld { void invalidateMounts(); boolean isQuotaSupported(@nullable @utf8InCpp String uuid); boolean prepareAppProfile(@utf8InCpp String packageName, int userId, int appId, @utf8InCpp String profileName, @utf8InCpp String codePath, @nullable @utf8InCpp String dexMetadata); }
cmds/installd/dexopt.cpp +50 −0 Original line number Diff line number Diff line Loading @@ -2479,5 +2479,55 @@ bool create_profile_snapshot(int32_t app_id, const std::string& package_name, return true; } bool prepare_app_profile(const std::string& package_name, userid_t user_id, appid_t app_id, const std::string& profile_name, const std::string& code_path ATTRIBUTE_UNUSED, const std::unique_ptr<std::string>& dex_metadata) { // Prepare the current profile. std::string cur_profile = create_current_profile_path(user_id, package_name, profile_name, /*is_secondary_dex*/ false); uid_t uid = multiuser_get_uid(user_id, app_id); if (fs_prepare_file_strict(cur_profile.c_str(), 0600, uid, uid) != 0) { PLOG(ERROR) << "Failed to prepare " << cur_profile; return false; } // Check if we need to install the profile from the dex metadata. if (dex_metadata == nullptr) { return true; } // We have a dex metdata. Merge the profile into the reference profile. unique_fd ref_profile_fd = open_reference_profile(uid, package_name, profile_name, /*read_write*/ true, /*is_secondary_dex*/ false); unique_fd dex_metadata_fd(TEMP_FAILURE_RETRY( open(dex_metadata->c_str(), O_RDONLY | O_NOFOLLOW))); std::vector<unique_fd> profiles_fd; profiles_fd.push_back(std::move(dex_metadata_fd)); pid_t pid = fork(); if (pid == 0) { /* child -- drop privileges before continuing */ gid_t app_shared_gid = multiuser_get_shared_gid(user_id, app_id); drop_capabilities(app_shared_gid); // TODO(calin): the dex metadata profile might embed different names for the // same code path (e.g. YouTube.apk or base.apk, depending on how the initial // profile was captured). We should pass the code path to adjust the names in the profile. run_profman_merge(profiles_fd, ref_profile_fd); exit(42); /* only get here on exec failure */ } /* parent */ int return_code = wait_child(pid); if (!WIFEXITED(return_code)) { PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name; return false; } return true; } } // namespace installd } // namespace android
cmds/installd/dexopt.h +11 −0 Original line number Diff line number Diff line Loading @@ -70,6 +70,17 @@ bool copy_system_profile(const std::string& system_profile, const std::string& pkgname, const std::string& profile_name); // Prepare the app profile for the given code path: // - create the current profile using profile_name // - merge the profile from the dex metadata file (if present) into // the reference profile. bool prepare_app_profile(const std::string& package_name, userid_t user_id, appid_t app_id, const std::string& profile_name, const std::string& code_path, const std::unique_ptr<std::string>& dex_metadata); bool delete_odex(const char* apk_path, const char* instruction_set, const char* output_path); bool reconcile_secondary_dex_file(const std::string& dex_path, Loading
