Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / apex / refs/heads/odm/dev/qssi/13/fp5^1..refs/heads/odm/dev/qssi/13/fp5 / .
commit8691b57b1d03294e7faa8b245d7a2c07f3b36a5c[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Sun Jan 15 15:41:16 2023 -0800
committerLinux Build Service Account <lnxbuild@localhost>Sun Jan 15 15:41:16 2023 -0800
treefa61bc296b449fce6ba9b0a50f32c56cea787a8b
parent66fe962ddbacc88b855a5b8bbd1c9adb484db518 [diff]
parent1d3a768f0e4118740424c0b1084fdaa3a1f7a620 [diff]
Merge 1d3a768f0e4118740424c0b1084fdaa3a1f7a620 on remote branch

Change-Id: I46931055c0015fc911fd26954c74c807ff98eb00

diff --git a/apexd/apexd.cpp b/apexd/apexd.cpp
index ff60ed7..b777f1f 100644
--- a/apexd/apexd.cpp
+++ b/apexd/apexd.cpp

@@ -1232,6 +1232,15 @@
 }
 
 Result<void> ActivateSharedLibsPackage(const std::string& mount_point) {
+  // Having static mutex here is not great, but since this function is called
+  // only twice during boot we can probably live with that. In U+ we will have
+  // a proper solution implemented.
+  static std::mutex mtx;
+  // ActivateSharedLibsPackage can be called concurrently from multiple threads.
+  // Since this function mutates the shared state in /apex/sharedlibs hold the
+  // mutex to avoid potential race conditions.
+  std::lock_guard guard(mtx);
+
   for (const auto& lib_path : {"lib", "lib64"}) {
     std::string apex_lib_path = mount_point + "/" + lib_path;
     auto lib_dir = PathExists(apex_lib_path);

diff --git a/shim/build/Android.bp b/shim/build/Android.bp
index 99121d2..801899e 100644
--- a/shim/build/Android.bp
+++ b/shim/build/Android.bp

@@ -267,6 +267,9 @@
     ":com.android.apex.cts.shim.v2_apk_in_apex_sdk_target_p",
     ":com.android.apex.cts.shim.v2_apk_in_apex_upgrades",
     ":com.android.apex.cts.shim.v2_rebootless",
+    ":com.android.apex.cts.shim.v2_install_constraints_empty",
+    ":com.android.apex.cts.shim.v2_install_constraints_invalid_fingerprint",
+    ":com.android.apex.cts.shim.v2_install_constraints_no_value",
     ":com.android.apex.cts.shim.v3",
     ":com.android.apex.cts.shim.v3_rebootless",
     ":com.android.apex.cts.shim.v3_signed_bob",
@@ -596,3 +599,36 @@
   installable: false,
   updatable: false,
 }
+
+apex {
+  name: "com.android.apex.cts.shim.v2_install_constraints_empty",
+  manifest: "manifest_v2.json",
+  androidManifest: "AndroidManifestInstallConstraints_empty.xml",
+  file_contexts: ":apex.test-file_contexts",
+  key: "com.android.apex.cts.shim.key",
+  prebuilts: ["hash_of_dev_null"],
+  installable: false,
+  updatable: false,
+}
+
+apex {
+  name: "com.android.apex.cts.shim.v2_install_constraints_invalid_fingerprint",
+  manifest: "manifest_v2.json",
+  androidManifest: "AndroidManifestInstallConstraints_invalid_fingerprint.xml",
+  file_contexts: ":apex.test-file_contexts",
+  key: "com.android.apex.cts.shim.key",
+  prebuilts: ["hash_of_dev_null"],
+  installable: false,
+  updatable: false,
+}
+
+apex {
+  name: "com.android.apex.cts.shim.v2_install_constraints_no_value",
+  manifest: "manifest_v2.json",
+  androidManifest: "AndroidManifestInstallConstraints_no_value.xml",
+  file_contexts: ":apex.test-file_contexts",
+  key: "com.android.apex.cts.shim.key",
+  prebuilts: ["hash_of_dev_null"],
+  installable: false,
+  updatable: false,
+}

diff --git a/shim/build/AndroidManifestInstallConstraints_empty.xml b/shim/build/AndroidManifestInstallConstraints_empty.xml
new file mode 100644
index 0000000..9c04d74
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_empty.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="com.android.apex.cts.shim">
+    <!-- APEX does not have classes.dex -->
+    <application android:hasCode="false"/>
+    <install-constraints>
+    </install-constraints>
+</manifest>

diff --git a/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml b/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml
new file mode 100644
index 0000000..c0cda96
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="com.android.apex.cts.shim">
+    <!-- APEX does not have classes.dex -->
+    <application android:hasCode="false"/>
+    <install-constraints>
+        <fingerprint-prefix android:value="does/not/exist"/>
+    </install-constraints>
+</manifest>

diff --git a/shim/build/AndroidManifestInstallConstraints_no_value.xml b/shim/build/AndroidManifestInstallConstraints_no_value.xml
new file mode 100644
index 0000000..e2e6bc8
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_no_value.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="com.android.apex.cts.shim">
+    <!-- APEX does not have classes.dex -->
+    <application android:hasCode="false"/>
+    <install-constraints>
+        <!-- PackageManager will allow installation if at least one of the fingerprint-prefixes
+             matches the build fingerprint of a device.
+             Since one of them is an empty string, the apex with these constraints can be installed
+             on all devices as long as the packagename is allowlisted by the system.
+         -->
+        <fingerprint-prefix android:value="does/not/exist"/>
+        <fingerprint-prefix android:value=""/>
+    </install-constraints>
+</manifest>