commit 810c052d9b117217152c2a609ccec056a2a61d1e
author Primiano Tucci <primiano@google.com> Fri Jul 25 18:03:16 2014 +0100
committer Ben Murdoch <benm@google.com> Fri Aug 01 14:24:09 2014 +0100
tree fbc663c7cf06cba6a8eda4accbe7d718023c646f
parent 6c778cebc73e7eb76510f6e2183d804b8c07082b

Cherry pick Introduce startIsolatedProcess private API in ActivityManager DO NOT MERGE

The new API spawns a isolated process, using a custom uid, entrypoint and
abi. Such API is used by the WebViewFactory to spawn its unpriviledged
but trusted process (hence the fixed uid) which rewrites the rerlo file
on boot / when an update occurs.
Since both the ActivityManager service and the WebViewUpdate service
live in the SystemServer their calls be dispatched locally and no
binder interface needs to be exposed for the new startIsolatedProcess API.

Original BUG:16403706
Original Change-Id: I327b59735c12698595e0dbcc4da5d759c9103b0a

Bug: 16723226
Change-Id: Iecb49888e11eec9d302d9712953fd498db5821af

services/core/java/com/android/server/webkit/WebViewUpdateService.java

diff --git a/services/core/java/com/android/server/webkit/WebViewUpdateService.java b/services/core/java/com/android/server/webkit/WebViewUpdateService.java
index 60724e7..06dc362 100644
--- a/services/core/java/com/android/server/webkit/WebViewUpdateService.java
+++ b/services/core/java/com/android/server/webkit/WebViewUpdateService.java
@@ -23,6 +23,7 @@
 import android.os.Binder;
 import android.os.Process;
 import android.util.Log;
+import android.util.Slog;
 import android.webkit.IWebViewUpdateService;
 import android.webkit.WebViewFactory;
 
@@ -30,6 +31,8 @@
  * Private service to wait for the updatable WebView to be ready for use.
  * @hide
  */
+// TODO This should be implemented using the new pattern for system services.
+// See comments in CL 509840.
 public class WebViewUpdateService extends IWebViewUpdateService.Stub {
 
     private static final String TAG = "WebViewUpdateService";
@@ -57,11 +60,14 @@
 
     /**
      * The shared relro process calls this to notify us that it's done trying to create a relro
-     * file.
+     * file. This method gets called even if the relro creation has failed or the process crashed.
      */
+    @Override // Binder call
     public void notifyRelroCreationCompleted(boolean is64Bit, boolean success) {
-        // Verify that the caller is the shared relro process.
-        if (Binder.getCallingUid() != Process.SHARED_RELRO_UID) {
+        // Verify that the caller is either the shared relro process (nominal case) or the system
+        // server (only in the case the relro process crashes and we get here via the crashHandler).
+        if (Binder.getCallingUid() != Process.SHARED_RELRO_UID &&
+                Binder.getCallingUid() != Process.SYSTEM_UID) {
             return;
         }
 
@@ -78,7 +84,13 @@
     /**
      * WebViewFactory calls this to block WebView loading until the relro file is created.
      */
+    @Override // Binder call
     public void waitForRelroCreationCompleted(boolean is64Bit) {
+        if (Binder.getCallingUid() == Process.SYSTEM_UID) {
+            Slog.wtf(TAG, "Trying to load WebView from the SystemServer",
+                     new IllegalStateException());
+        }
+
         synchronized (this) {
             if (is64Bit) {
                 while (!mRelroReady64Bit) {