Add new feature for running services in "isolated" sandbox processes. This reserves a range of uids (for each user) in which these processes run. These uids are not associated with an application, so they effectively run with no permissions. When a Service requests to run in such a process through android:isolatedProcess="true", each time it is brought up a new isolated process is started with its own unique uid. What we have so far gives us the basic infrastructure; more work remains to further lock down what these uids have access to. Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b

commit: a0c283eac33dd2da72235751bbfa4f2d9898d5ea [log] [tgz]
author: Dianne Hackborn <hackbod@google.com> Thu Feb 09 10:47:01 2012 -0800
committer: Dianne Hackborn <hackbod@google.com> Thu Feb 09 11:18:33 2012 -0800
tree: 4a772771c79de9a0817115a49b5018397cd64add
parent: f6a7e1f7cd12fbbb2e35391850aec7d7d57b8f66 [diff] [blame]
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index faee873..2023f82 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java

@@ -2581,6 +2581,11 @@
                 false)) {
             s.info.flags |= ServiceInfo.FLAG_STOP_WITH_TASK;
         }
+        if (sa.getBoolean(
+                com.android.internal.R.styleable.AndroidManifestService_isolatedProcess,
+                false)) {
+            s.info.flags |= ServiceInfo.FLAG_ISOLATED_PROCESS;
+        }
 
         sa.recycle();
commit	a0c283eac33dd2da72235751bbfa4f2d9898d5ea	[log] [tgz]
author	Dianne Hackborn <hackbod@google.com>	Thu Feb 09 10:47:01 2012 -0800
committer	Dianne Hackborn <hackbod@google.com>	Thu Feb 09 11:18:33 2012 -0800
tree	4a772771c79de9a0817115a49b5018397cd64add
parent	f6a7e1f7cd12fbbb2e35391850aec7d7d57b8f66 [diff] [blame]