am 27936ad3: Merge "Block loading WebView in privileged processes." into lmp-mr1-dev
* commit '27936ad3a677509fab1174c7b6655c894f018143':
Block loading WebView in privileged processes.
diff --git a/core/java/android/webkit/WebViewFactory.java b/core/java/android/webkit/WebViewFactory.java
index 7b23d8f..474ef42 100644
--- a/core/java/android/webkit/WebViewFactory.java
+++ b/core/java/android/webkit/WebViewFactory.java
@@ -18,8 +18,8 @@
import android.annotation.SystemApi;
import android.app.ActivityManagerInternal;
-import android.app.Application;
import android.app.AppGlobals;
+import android.app.Application;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
@@ -34,14 +34,14 @@
import android.text.TextUtils;
import android.util.AndroidRuntimeException;
import android.util.Log;
+
import com.android.server.LocalServices;
+
import dalvik.system.VMRuntime;
import java.io.File;
import java.util.Arrays;
-import com.android.internal.os.Zygote;
-
/**
* Top level factory, used creating all the main WebView implementation classes.
*
@@ -91,6 +91,12 @@
// us honest and minimize usage of WebView internals when binding the proxy.
if (sProviderInstance != null) return sProviderInstance;
+ final int uid = android.os.Process.myUid();
+ if (uid == android.os.Process.ROOT_UID || uid == android.os.Process.SYSTEM_UID) {
+ throw new UnsupportedOperationException(
+ "For security reasons, WebView is not allowed in privileged processes");
+ }
+
Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "WebViewFactory.getProvider()");
try {
Trace.traceBegin(Trace.TRACE_TAG_WEBVIEW, "WebViewFactory.loadNativeLibrary()");