Merge 1d3a768f0e4118740424c0b1084fdaa3a1f7a620 on remote branch
Change-Id: I46931055c0015fc911fd26954c74c807ff98eb00
diff --git a/apexd/apexd.cpp b/apexd/apexd.cpp
index ff60ed7..b777f1f 100644
--- a/apexd/apexd.cpp
+++ b/apexd/apexd.cpp
@@ -1232,6 +1232,15 @@
}
Result<void> ActivateSharedLibsPackage(const std::string& mount_point) {
+ // Having static mutex here is not great, but since this function is called
+ // only twice during boot we can probably live with that. In U+ we will have
+ // a proper solution implemented.
+ static std::mutex mtx;
+ // ActivateSharedLibsPackage can be called concurrently from multiple threads.
+ // Since this function mutates the shared state in /apex/sharedlibs hold the
+ // mutex to avoid potential race conditions.
+ std::lock_guard guard(mtx);
+
for (const auto& lib_path : {"lib", "lib64"}) {
std::string apex_lib_path = mount_point + "/" + lib_path;
auto lib_dir = PathExists(apex_lib_path);
diff --git a/shim/build/Android.bp b/shim/build/Android.bp
index 99121d2..801899e 100644
--- a/shim/build/Android.bp
+++ b/shim/build/Android.bp
@@ -267,6 +267,9 @@
":com.android.apex.cts.shim.v2_apk_in_apex_sdk_target_p",
":com.android.apex.cts.shim.v2_apk_in_apex_upgrades",
":com.android.apex.cts.shim.v2_rebootless",
+ ":com.android.apex.cts.shim.v2_install_constraints_empty",
+ ":com.android.apex.cts.shim.v2_install_constraints_invalid_fingerprint",
+ ":com.android.apex.cts.shim.v2_install_constraints_no_value",
":com.android.apex.cts.shim.v3",
":com.android.apex.cts.shim.v3_rebootless",
":com.android.apex.cts.shim.v3_signed_bob",
@@ -596,3 +599,36 @@
installable: false,
updatable: false,
}
+
+apex {
+ name: "com.android.apex.cts.shim.v2_install_constraints_empty",
+ manifest: "manifest_v2.json",
+ androidManifest: "AndroidManifestInstallConstraints_empty.xml",
+ file_contexts: ":apex.test-file_contexts",
+ key: "com.android.apex.cts.shim.key",
+ prebuilts: ["hash_of_dev_null"],
+ installable: false,
+ updatable: false,
+}
+
+apex {
+ name: "com.android.apex.cts.shim.v2_install_constraints_invalid_fingerprint",
+ manifest: "manifest_v2.json",
+ androidManifest: "AndroidManifestInstallConstraints_invalid_fingerprint.xml",
+ file_contexts: ":apex.test-file_contexts",
+ key: "com.android.apex.cts.shim.key",
+ prebuilts: ["hash_of_dev_null"],
+ installable: false,
+ updatable: false,
+}
+
+apex {
+ name: "com.android.apex.cts.shim.v2_install_constraints_no_value",
+ manifest: "manifest_v2.json",
+ androidManifest: "AndroidManifestInstallConstraints_no_value.xml",
+ file_contexts: ":apex.test-file_contexts",
+ key: "com.android.apex.cts.shim.key",
+ prebuilts: ["hash_of_dev_null"],
+ installable: false,
+ updatable: false,
+}
diff --git a/shim/build/AndroidManifestInstallConstraints_empty.xml b/shim/build/AndroidManifestInstallConstraints_empty.xml
new file mode 100644
index 0000000..9c04d74
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_empty.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.apex.cts.shim">
+ <!-- APEX does not have classes.dex -->
+ <application android:hasCode="false"/>
+ <install-constraints>
+ </install-constraints>
+</manifest>
diff --git a/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml b/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml
new file mode 100644
index 0000000..c0cda96
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_invalid_fingerprint.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.apex.cts.shim">
+ <!-- APEX does not have classes.dex -->
+ <application android:hasCode="false"/>
+ <install-constraints>
+ <fingerprint-prefix android:value="does/not/exist"/>
+ </install-constraints>
+</manifest>
diff --git a/shim/build/AndroidManifestInstallConstraints_no_value.xml b/shim/build/AndroidManifestInstallConstraints_no_value.xml
new file mode 100644
index 0000000..e2e6bc8
--- /dev/null
+++ b/shim/build/AndroidManifestInstallConstraints_no_value.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.apex.cts.shim">
+ <!-- APEX does not have classes.dex -->
+ <application android:hasCode="false"/>
+ <install-constraints>
+ <!-- PackageManager will allow installation if at least one of the fingerprint-prefixes
+ matches the build fingerprint of a device.
+ Since one of them is an empty string, the apex with these constraints can be installed
+ on all devices as long as the packagename is allowlisted by the system.
+ -->
+ <fingerprint-prefix android:value="does/not/exist"/>
+ <fingerprint-prefix android:value=""/>
+ </install-constraints>
+</manifest>