Kill app zygote when package is removed.
Since the app zygote is kept around for a few seconds after the last
isolated service using it goes away, it was possible to install a new
version of an app and launch a service before that timeout had expired -
causing the service to use the app zygote which loaded the old code. To
prevent this, clean up the app zygote as part of package process
cleanup.
Bug: 124401845
Test: manual
Change-Id: I2d2ef28280a9631275569e419283e160ca9e1105
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index 0d49e4c..e165bda 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -1705,9 +1705,15 @@
zygoteProcesses.remove(app);
if (zygoteProcesses.size() == 0) {
mService.mHandler.removeMessages(KILL_APP_ZYGOTE_MSG);
- Message msg = mService.mHandler.obtainMessage(KILL_APP_ZYGOTE_MSG);
- msg.obj = appZygote;
- mService.mHandler.sendMessageDelayed(msg, KILL_APP_ZYGOTE_DELAY_MS);
+ if (app.removed) {
+ // If we stopped this process because the package hosting it was removed,
+ // there's no point in delaying the app zygote kill.
+ killAppZygoteIfNeededLocked(appZygote);
+ } else {
+ Message msg = mService.mHandler.obtainMessage(KILL_APP_ZYGOTE_MSG);
+ msg.obj = appZygote;
+ mService.mHandler.sendMessageDelayed(msg, KILL_APP_ZYGOTE_DELAY_MS);
+ }
}
}
}
@@ -2162,6 +2168,29 @@
for (int i=0; i<N; i++) {
removeProcessLocked(procs.get(i), callerWillRestart, allowRestart, reason);
}
+ // See if there are any app zygotes running for this packageName / UID combination,
+ // and kill it if so.
+ final ArrayList<AppZygote> zygotesToKill = new ArrayList<>();
+ for (SparseArray<AppZygote> appZygotes : mAppZygotes.getMap().values()) {
+ for (int i = 0; i < appZygotes.size(); ++i) {
+ final int appZygoteUid = appZygotes.keyAt(i);
+ if (userId != UserHandle.USER_ALL && UserHandle.getUserId(appZygoteUid) != userId) {
+ continue;
+ }
+ if (appId >= 0 && UserHandle.getAppId(appZygoteUid) != appId) {
+ continue;
+ }
+ final AppZygote appZygote = appZygotes.valueAt(i);
+ if (packageName != null
+ && !packageName.equals(appZygote.getAppInfo().packageName)) {
+ continue;
+ }
+ zygotesToKill.add(appZygote);
+ }
+ }
+ for (AppZygote appZygote : zygotesToKill) {
+ killAppZygoteIfNeededLocked(appZygote);
+ }
mService.updateOomAdjLocked();
return N > 0;
}