Pass additional inputs when spawning apps via the Zygote and add SELinux permission checks.
When spawning an app process, the ActivityManagerService has additional information
about the app package that may be useful in setting a SELinux security context on the
process. Extend the Process.start() interface to allow passing such information
to the Zygote spawner. We originally considered using the existing zygoteArgs
argument, but found that those arguments are appended after the class name and
left uninterpreted by ZygoteConnection, merely passed along to the class or wrapper.
Thus we introduce a new seInfo argument for this purpose.
Modify the ZygoteConnection to interpret the new option and convey it to
forkAndSpecialize, as well as passing the nice name as a further input.
Also modify the ZygoteConnection to apply SELinux permission checks on
privileged operations.
Change-Id: I66045ffd33ca9898b1d026882bcc1c5baf3adc17
diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java
index cffb391..5044554 100644
--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -1967,7 +1967,7 @@
// the PID of the new process, or else throw a RuntimeException.
Process.ProcessStartResult startResult = Process.start("android.app.ActivityThread",
app.processName, uid, uid, gids, debugFlags,
- app.info.targetSdkVersion, null);
+ app.info.targetSdkVersion, null, null);
BatteryStatsImpl bs = app.batteryStats.getBatteryStats();
synchronized (bs) {