Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 378b2700909a3b04fc2de67b2bb0866499427c4b^! / .
commit378b2700909a3b04fc2de67b2bb0866499427c4b[log] [tgz]
authorMartijn Coenen <maco@google.com>Wed Feb 20 10:33:41 2019 +0100
committerMartijn Coenen <maco@google.com>Wed Feb 20 10:38:45 2019 +0100
tree710ca66a43c1f0f7b28e120b6583b83114fa0084
parent5f4e9dac927e0ce175671f50e540b525b3a8f05c [diff]
Kill app zygote when package is removed.

Since the app zygote is kept around for a few seconds after the last
isolated service using it goes away, it was possible to install a new
version of an app and launch a service before that timeout had expired -
causing the service to use the app zygote which loaded the old code. To
prevent this, clean up the app zygote as part of package process
cleanup.

Bug: 124401845
Test: manual
Change-Id: I2d2ef28280a9631275569e419283e160ca9e1105

diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index 0d49e4c..e165bda 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java

@@ -1705,9 +1705,15 @@
             zygoteProcesses.remove(app);
             if (zygoteProcesses.size() == 0) {
                 mService.mHandler.removeMessages(KILL_APP_ZYGOTE_MSG);
-                Message msg = mService.mHandler.obtainMessage(KILL_APP_ZYGOTE_MSG);
-                msg.obj = appZygote;
-                mService.mHandler.sendMessageDelayed(msg, KILL_APP_ZYGOTE_DELAY_MS);
+                if (app.removed) {
+                    // If we stopped this process because the package hosting it was removed,
+                    // there's no point in delaying the app zygote kill.
+                    killAppZygoteIfNeededLocked(appZygote);
+                } else {
+                    Message msg = mService.mHandler.obtainMessage(KILL_APP_ZYGOTE_MSG);
+                    msg.obj = appZygote;
+                    mService.mHandler.sendMessageDelayed(msg, KILL_APP_ZYGOTE_DELAY_MS);
+                }
             }
         }
     }
@@ -2162,6 +2168,29 @@
         for (int i=0; i<N; i++) {
             removeProcessLocked(procs.get(i), callerWillRestart, allowRestart, reason);
         }
+        // See if there are any app zygotes running for this packageName / UID combination,
+        // and kill it if so.
+        final ArrayList<AppZygote> zygotesToKill = new ArrayList<>();
+        for (SparseArray<AppZygote> appZygotes : mAppZygotes.getMap().values()) {
+            for (int i = 0; i < appZygotes.size(); ++i) {
+                final int appZygoteUid = appZygotes.keyAt(i);
+                if (userId != UserHandle.USER_ALL && UserHandle.getUserId(appZygoteUid) != userId) {
+                    continue;
+                }
+                if (appId >= 0 && UserHandle.getAppId(appZygoteUid) != appId) {
+                    continue;
+                }
+                final AppZygote appZygote = appZygotes.valueAt(i);
+                if (packageName != null
+                        && !packageName.equals(appZygote.getAppInfo().packageName)) {
+                    continue;
+                }
+                zygotesToKill.add(appZygote);
+            }
+        }
+        for (AppZygote appZygote : zygotesToKill) {
+            killAppZygoteIfNeededLocked(appZygote);
+        }
         mService.updateOomAdjLocked();
         return N > 0;
     }