Merge "Track isolated process owners" into oc-dev
diff --git a/core/java/android/content/pm/PackageManagerInternal.java b/core/java/android/content/pm/PackageManagerInternal.java
index 370af17..16d582ef 100644
--- a/core/java/android/content/pm/PackageManagerInternal.java
+++ b/core/java/android/content/pm/PackageManagerInternal.java
@@ -314,4 +314,17 @@
*/
public abstract ResolveInfo resolveIntent(Intent intent, String resolvedType,
int flags, int userId);
+
+ /**
+ * Track the creator of a new isolated uid.
+ * @param isolatedUid The newly created isolated uid.
+ * @param ownerUid The uid of the app that created the isolated process.
+ */
+ public abstract void addIsolatedUid(int isolatedUid, int ownerUid);
+
+ /**
+ * Track removal of an isolated uid.
+ * @param isolatedUid isolated uid that is no longer being used.
+ */
+ public abstract void removeIsolatedUid(int isolatedUid);
}
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 8cb0eee..f602e43 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -6596,6 +6596,7 @@
mBatteryStatsService.noteProcessFinish(app.processName, app.info.uid);
if (app.isolated) {
mBatteryStatsService.removeIsolatedUid(app.uid, app.info.uid);
+ getPackageManagerInternalLocked().removeIsolatedUid(app.uid);
}
boolean willRestart = false;
if (app.persistent && !app.isolated) {
@@ -12089,6 +12090,7 @@
// the uid of the isolated process is specified by the caller.
uid = isolatedUid;
}
+ getPackageManagerInternalLocked().addIsolatedUid(uid, info.uid);
// Register the isolated UID with this application so BatteryStats knows to
// attribute resource usage to the application.
diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java
index 6ef0a25..899847f 100644
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -651,6 +651,11 @@
final ArrayMap<String, Set<String>> mKnownCodebase =
new ArrayMap<String, Set<String>>();
+ // Keys are isolated uids and values are the uid of the application
+ // that created the isolated proccess.
+ @GuardedBy("mPackages")
+ final SparseIntArray mIsolatedOwners = new SparseIntArray();
+
// List of APK paths to load for each user and package. This data is never
// persisted by the package manager. Instead, the overlay manager will
// ensure the data is up-to-date in runtime.
@@ -6175,6 +6180,10 @@
* instant, returns {@code null}.
*/
private String getInstantAppPackageName(int callingUid) {
+ // If the caller is an isolated app use the owner's uid for the lookup.
+ if (Process.isIsolated(callingUid)) {
+ callingUid = mIsolatedOwners.get(callingUid);
+ }
final int appId = UserHandle.getAppId(callingUid);
synchronized (mPackages) {
final Object obj = mSettings.getUserIdLPr(appId);
@@ -7347,17 +7356,22 @@
if (HIDE_EPHEMERAL_APIS || isEphemeralDisabled()) {
return false;
}
+ int uid = Binder.getCallingUid();
+ if (Process.isIsolated(uid)) {
+ uid = mIsolatedOwners.get(uid);
+ }
synchronized (mPackages) {
final PackageSetting ps = mSettings.mPackages.get(packageName);
+ PackageParser.Package pkg = mPackages.get(packageName);
final boolean returnAllowed =
ps != null
- && (isCallerSameApp(packageName)
+ && (isCallerSameApp(packageName, uid)
|| mContext.checkCallingOrSelfPermission(
android.Manifest.permission.ACCESS_INSTANT_APPS)
== PERMISSION_GRANTED
|| mInstantAppRegistry.isInstantAccessGranted(
- userId, UserHandle.getAppId(Binder.getCallingUid()), ps.appId));
+ userId, UserHandle.getAppId(uid), ps.appId));
if (returnAllowed) {
return ps.getInstantApp(userId);
}
@@ -7374,7 +7388,7 @@
enforceCrossUserPermission(Binder.getCallingUid(), userId,
true /* requireFullPermission */, false /* checkShell */,
"getInstantAppCookie");
- if (!isCallerSameApp(packageName)) {
+ if (!isCallerSameApp(packageName, Binder.getCallingUid())) {
return null;
}
synchronized (mPackages) {
@@ -7392,7 +7406,7 @@
enforceCrossUserPermission(Binder.getCallingUid(), userId,
true /* requireFullPermission */, true /* checkShell */,
"setInstantAppCookie");
- if (!isCallerSameApp(packageName)) {
+ if (!isCallerSameApp(packageName, Binder.getCallingUid())) {
return false;
}
synchronized (mPackages) {
@@ -7420,10 +7434,10 @@
}
}
- private boolean isCallerSameApp(String packageName) {
+ private boolean isCallerSameApp(String packageName, int uid) {
PackageParser.Package pkg = mPackages.get(packageName);
return pkg != null
- && UserHandle.getAppId(Binder.getCallingUid()) == pkg.applicationInfo.uid;
+ && UserHandle.getAppId(uid) == pkg.applicationInfo.uid;
}
@Override
@@ -23187,6 +23201,21 @@
return resolveIntentInternal(
intent, resolvedType, flags, userId, true /*includeInstantApp*/);
}
+
+
+ @Override
+ public void addIsolatedUid(int isolatedUid, int ownerUid) {
+ synchronized (mPackages) {
+ mIsolatedOwners.put(isolatedUid, ownerUid);
+ }
+ }
+
+ @Override
+ public void removeIsolatedUid(int isolatedUid) {
+ synchronized (mPackages) {
+ mIsolatedOwners.delete(isolatedUid);
+ }
+ }
}
@Override