Add new feature for running services in "isolated" sandbox processes. This reserves a range of uids (for each user) in which these processes run. These uids are not associated with an application, so they effectively run with no permissions. When a Service requests to run in such a process through android:isolatedProcess="true", each time it is brought up a new isolated process is started with its own unique uid. What we have so far gives us the basic infrastructure; more work remains to further lock down what these uids have access to. Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b

commit: a0c283eac33dd2da72235751bbfa4f2d9898d5ea [log] [tgz]
author: Dianne Hackborn <hackbod@google.com> Thu Feb 09 10:47:01 2012 -0800
committer: Dianne Hackborn <hackbod@google.com> Thu Feb 09 11:18:33 2012 -0800
tree: 4a772771c79de9a0817115a49b5018397cd64add
parent: f6a7e1f7cd12fbbb2e35391850aec7d7d57b8f66 [diff] [blame]
diff --git a/services/java/com/android/server/am/ActivityStack.java b/services/java/com/android/server/am/ActivityStack.java
index 0d21760..f59f0c1 100644
--- a/services/java/com/android/server/am/ActivityStack.java
+++ b/services/java/com/android/server/am/ActivityStack.java

@@ -761,7 +761,7 @@
         }
 
         mService.startProcessLocked(r.processName, r.info.applicationInfo, true, 0,
-                "activity", r.intent.getComponent(), false);
+                "activity", r.intent.getComponent(), false, false);
     }
     
     void stopIfSleepingLocked() {
commit	a0c283eac33dd2da72235751bbfa4f2d9898d5ea	[log] [tgz]
author	Dianne Hackborn <hackbod@google.com>	Thu Feb 09 10:47:01 2012 -0800
committer	Dianne Hackborn <hackbod@google.com>	Thu Feb 09 11:18:33 2012 -0800
tree	4a772771c79de9a0817115a49b5018397cd64add
parent	f6a7e1f7cd12fbbb2e35391850aec7d7d57b8f66 [diff] [blame]