Prepare app data only when storage is available.
Before this change, scanning a package aggressively tried checking
to ensure that private app data was prepared. However, in an FBE
world we may not have access to that data at scan time. So this
change shifts the preparing of private app data until later: it
prepares DE storage when a user is started, and CE storage when a
user is unlocked. Wire ourselves into the user lifecycle so we can
prepare storage at both user start and unlock.
When DE/CE storage becomes available, this change reconciles any
found packages against known installed apps, and deletes any orphaned
data directories.
We now need to store the last-restorecon hash in an xattr on a
per-user directory basis, since we can't restorecon CE storage until
it's unlocked, or adopted storage until it's mounted. Remove a
bunch of used logic for loading dynamic SELinux policy at runtime;
our policy always comes from the system image.
Bug: 26466827, 26544104
Change-Id: I8d0a4ef862c35f4e4ef5c7f20d3bb8f12ba3fd4b
diff --git a/services/core/java/com/android/server/am/UserController.java b/services/core/java/com/android/server/am/UserController.java
index 56757ca..a0e084b 100644
--- a/services/core/java/com/android/server/am/UserController.java
+++ b/services/core/java/com/android/server/am/UserController.java
@@ -249,6 +249,9 @@
if (uss.state == UserState.STATE_RUNNING_LOCKED) {
uss.setState(UserState.STATE_RUNNING);
+ // Give user manager a chance to prepare app storage
+ mUserManager.onBeforeUnlockUser(userId);
+
mHandler.sendMessage(mHandler.obtainMessage(SYSTEM_USER_UNLOCK_MSG, userId, 0));
final Intent unlockedIntent = new Intent(Intent.ACTION_USER_UNLOCKED);
@@ -651,7 +654,8 @@
}
if (uss.state == UserState.STATE_BOOTING) {
- // Let user manager propagate user restrictions to other services.
+ // Give user manager a chance to propagate user restrictions
+ // to other services and prepare app storage
getUserManager().onBeforeStartUser(userId);
// Booting up a new user, need to tell system services about it.