am 27936ad3: Merge "Block loading WebView in privileged processes." into lmp-mr1-dev

* commit '27936ad3a677509fab1174c7b6655c894f018143':
  Block loading WebView in privileged processes.
diff --git a/core/java/android/webkit/WebViewFactory.java b/core/java/android/webkit/WebViewFactory.java
index 7b23d8f..474ef42 100644
--- a/core/java/android/webkit/WebViewFactory.java
+++ b/core/java/android/webkit/WebViewFactory.java
@@ -18,8 +18,8 @@
 
 import android.annotation.SystemApi;
 import android.app.ActivityManagerInternal;
-import android.app.Application;
 import android.app.AppGlobals;
+import android.app.Application;
 import android.content.Context;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageInfo;
@@ -34,14 +34,14 @@
 import android.text.TextUtils;
 import android.util.AndroidRuntimeException;
 import android.util.Log;
+
 import com.android.server.LocalServices;
+
 import dalvik.system.VMRuntime;
 
 import java.io.File;
 import java.util.Arrays;
 
-import com.android.internal.os.Zygote;
-
 /**
  * Top level factory, used creating all the main WebView implementation classes.
  *
@@ -91,6 +91,12 @@
             // us honest and minimize usage of WebView internals when binding the proxy.
             if (sProviderInstance != null) return sProviderInstance;
 
+            final int uid = android.os.Process.myUid();
+            if (uid == android.os.Process.ROOT_UID || uid == android.os.Process.SYSTEM_UID) {
+                throw new UnsupportedOperationException(
+                        "For security reasons, WebView is not allowed in privileged processes");
+            }
+
             Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "WebViewFactory.getProvider()");
             try {
                 Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "WebViewFactory.loadNativeLibrary()");