App movement now has three distinct stages: copying, scanning, and
cleanup. Previously, a battery pull late in the move process would
end up with packages.xml pointing at the old location which had been
torn down. Now, we update packages.xml to point at the new location
as the "source of truth" before we start deleting the old location.
Bug: 21831336
Change-Id: I62b8916c673265c240e2574ea968cdce5a7a0074
Given a pair of absolute paths {from_path, to_path} , check that
they are both valid apk subpaths (eg. /data/app/package/foo) and
link(2) to_path to from_path. This is required by staged installs,
where we link existing apks and oat files to their staging location.
bug: 20889739
Change-Id: I3b5e3b43677af68be59308121a4409caaa6a72f0
We now move code under /data/app/com.example when a complete move
is requested. This really only works for new cluster-style installs
that also have native libraries and OAT contained inside.
Teach measuring code about cluster-style installs when measuring
app footprint. Also offer to measure private data space for all
users.
Bug: 19993667, 20275578
Change-Id: I6df7b947cb5cc8a4552f56f4b64a661e8512389f
New "mvuserdata" command will move all private app data from one
volume UUID to another. It leverages the existing "cp" toybox
command to do the heavy lifting for all known users, preserving
details like timestamps and permissions. It invokes restorecon()
to correctly label the new location when the copy is finished.
Changes installd to no longer drop capabilities, so we run as root
again. This also allows us to exec "cp" with CAP_DAC_OVERRIDE and
CAP_FOWNER still in effect.
Bug: 19993667
Change-Id: I1f407a7c4a1af97ca5afc27b04eb16b4936cbdef
We're now parsing and passing through volume UUIDs sent across the
command socket. The "!" argument value is treated as null, which
means internal storage.
Bug: 19993667
Change-Id: I17729a769ce687a2e94e85991a6338c77ded0b66
Teach free_cache() and restorecon_data() about building per-volume
paths. Also clean up restorecon_data() by using std::string when
building paths.
Clearer names for path building utility methods, and tests to verify.
Bug: 19993667
Change-Id: Iacfbcdaa5b901cc2490bc8eba366dfdeb44f1d93
Since app data paths can live on expanded storage devices, accept the
target volume UUID when building paths. The null UUID indicates the
default internal storage.
To improve readability, start using std::string in several places,
which throws when allocations fail. For now, perform last-second
sanity checks on incoming path arguments, but we'll eventually want
to check arguments as they come through installd.cpp, instead of
crashing the entire daemon.
Also remove "lib" symlink code from install() and make_user_data(),
since we're no longer supporting /data/app-lib. The framework
already uses linklib() to create the right symlink for the selected
ISA-specific library dir.
Bug: 19993667
Change-Id: Ib9343575ffb62bf3981e19375de8f3822fc31e28
This is the minimal change needed to switch it over to C++, which
paves the way for using more robust utilities like std::string.
Change-Id: I80ed6280146875eb6ddbbb340c05450388ca13f0
Apps on expanded storage live at /mnt/expand/<uuid>/app/com.example,
so we need to relax one more directory level.
Bug: 19993667
Change-Id: I347ec7b92435ea69e632ed5d5fdfabe38ce0b56e
Changes to installd:
- dexopt now allows oat_dir param for custom output directory
- Added helper method calculate_oat_file_path for calculating oat file
output location based on oat_dir and apk_path.
Bug: 19550105
Change-Id: I6b079207310583adeb6dad918a58034a059e34c4
Copies the /data/misc/keychain/cacert-* directories to all users on
the device, whereas previously they were simply copied to user 0.
This is a shallow copy so anything that wasn't supposed to be there
will disappear.
Bug: 17811821
Change-Id: Iae5909ab8d5efdb83c9c8fdf0e10ab7060d022cc
Add /system/priv-app and /oem/app paths to system paths. Also allow
rmdex on system apps, and quietly ignore when it was already removed.
Also relax logging when clearing code cache, since it's optional.
Bug: 17205122
Change-Id: I4fc4d0f63a3596937c4defbd64e1f8a1c563f02d
Make installd understand a patchoat directive and carry it out.
Bug: 15358152
(cherry picked from commit 7365a10689)
Change-Id: Id84a15e626ddde63876914068d3d9aa037abc65b
This requires a companion package manager change to prune
each instruction specific dex cache individually.
bug: 15677279
Change-Id: I5891981512bde20e49bff65b1842c28886f2b177
New command 'mkuser <id>' sets up a user directory in /data/misc/user/,
readable by all apps within that user and writeable by the local system
process.
Change-Id: I5ddde8c4a80f606e723bb41aa64581a0720842d5
The instruction-set is used to construct the dalvik cache
path and is also passed down to dex2oat.
(cherry picked from commit 791781bfb8)
Change-Id: I43396b16f6eaecacf0fb7d052526fc5a239167ac
Implement new restorecondata function which will allow
the relabeling of /data/data and /data/user directories.
This is needed in the case of certain OTAs. Not every
boot will apply this relabeling however. Consult change
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 for
clarification on this issue.
Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Add args to the installd commands for profiler usage.
Make installd create the profile files and allow apps
to write to them.
The profile files are in /data/dalvik-cache/profiles. This
central location is needed due to permissions issues with
dex2oat reading from an app's data directory. The solution
is to put the profile file in a directory owned by the
install user and make the file writeable by the shared group
id of for the app. The app can read and write to these files
only in the profiles directory. The 'system' user also needs
to be able to read the files in order to determine the amount
of change to the file over time.
Bug: 12877748
Change-Id: I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f
Conflicts:
cmds/installd/commands.c
Support any number of overlay packages. Support any target package.
UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes
<overlay targetPackage="com.target.package"/>
For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.
THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').
UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.
Zygote initialization
Initial AssetManager object created
+ idmap --scan creates idmaps for overlays targeting 'android', \
stores list of overlays in /data/resource-cache/overlays.list
AssetManager caches framework-res.apk
+ AssetManager caches overlay packages listed in overlays.list
Android boot
New AssetManager's ResTable acquired
AssetManager re-uses cached framework-res.apk
+ AssetManager re-uses cached 'android' overlays (if any)
App boot
ActivityThread prepares AssetManager to load app.apk
+ ActivityThread prepares AssetManager to load app overlays (if any)
New AssetManager's ResTable acquired as per Android boot
SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.
LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.
When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.
Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:
<overlay targetPackage="com.target.package" priority="1234"/>
Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.
Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.
The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.
+------+------+- -+------+------+
| 0x01 | | ... | | 0x7f |
+------+------+- -+------+------+
| |
"android" Target package A
|
Pre-installed overlay B (priority 1)
|
Pre-installed overlay C (priority 2)
Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.
Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
...app storage size for apps w/ .so files
The lib directories are tagged with the apk install number,
so must be explicitly passed down to installd.
Change-Id: Iae8815afd6ba964f5b2ed86a0d04a91827391ed6
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory. Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.
Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
Have installd set an app's home directory permissions to
0700 if the app has targetSdkVersion > 17.
Bug: 7208882
Change-Id: Iaa4fc42fec69bc1abdfae53704d6264dd6fa965f
