Commit Graph

19 Commits

Author SHA1 Message Date
Mårten Kongstad
63568b1430 Runtime resource overlay, iteration 2
Support any number of overlay packages. Support any target package.

UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes

    <overlay targetPackage="com.target.package"/>

For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.

THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').

UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.

Zygote initialization
   Initial AssetManager object created
+    idmap --scan creates idmaps for overlays targeting 'android', \
           stores list of overlays in /data/resource-cache/overlays.list
   AssetManager caches framework-res.apk
+  AssetManager caches overlay packages listed in overlays.list

Android boot
   New AssetManager's ResTable acquired
     AssetManager re-uses cached framework-res.apk
+    AssetManager re-uses cached 'android' overlays (if any)

App boot
   ActivityThread prepares AssetManager to load app.apk
+  ActivityThread prepares AssetManager to load app overlays (if any)
   New AssetManager's ResTable acquired as per Android boot

SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.

LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.

When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.

Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:

    <overlay targetPackage="com.target.package" priority="1234"/>

Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.

Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.

The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.

        +------+------+-     -+------+------+
        | 0x01 |      |  ...  |      | 0x7f |
        +------+------+-     -+------+------+
            |                           |
        "android"                Target package A
                                        |
                       Pre-installed overlay B (priority 1)
                                        |
                       Pre-installed overlay C (priority 2)

Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
2014-02-03 16:16:40 +01:00
Brian Carlstrom
0c05d3aca6 frameworks/native: Rename persist.sys.dalvik.vm.lib to allow new default
Bug: 12798969
Change-Id: I6b40317eceb3d89b0acff88238a9a9ab423c4d78
2014-01-30 13:16:53 -08:00
Stephen Smalley
47a351834f restorecon /data/media when re-creating it for multi-user upgrade.
Change-Id: I112c61863f2104d1962697c54cff25106e9b48a0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-17 16:04:20 -05:00
Nick Kralevich
bef08b8d1b Merge "Handle policy reloads within installd rather than restarting it." 2013-11-27 21:09:13 +00:00
Nick Kralevich
e4e91c4ead resolved conflicts for merge of e678897f to klp-dev-plus-aosp
Change-Id: Ie2a5e7a917ab7f5a0ee98300b880d22c7a10bf70
2013-09-20 12:45:20 -07:00
Robert Craig
880d1a957e Proper security labeling of multi-user data directories.
Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.

Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-09-18 13:21:12 +00:00
Stephen Smalley
bd558d6187 Handle policy reloads within installd rather than restarting it.
Restarting installd upon policy reloads has reportedly caused
stability problems for some users.  Stop restarting installd
and instead handle policy reloads within it.

Change-Id: I697a736d8e414cfc6cfa131ed7b97c7f7694d022
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-07-26 15:48:07 -04:00
Jeff Sharkey
abe4fe5b46 Change legacy "persona" references to userid_t.
Offers stronger typing with no functional change.

Change-Id: I09f0262470feec5cfdf26658f998c20550af84d4
2013-07-15 15:16:10 -07:00
Brian Carlstrom
e7a8b17e37 Renaming dalvik.vm.lib to persist.sys.dalvik.vm.lib
Change-Id: If31695e04bb813eb75b2fdd00e5d70ced4fbb0e9
2013-07-10 09:51:20 -07:00
Brian Carlstrom
1705fc44fb Moving dex2oat installd patches from frameworks/base
(cherry picked from commit 3fa3a652ba9a7c5b23b6f2bc7c1851d4e23e430f)

Change-Id: I2f9bb66e1b0463bef41805f2d220160880121813
2013-06-19 23:20:49 -07:00
Dianne Hackborn
8b41780d73 Fix issue #8768456: Settings > App Info under reports...
...app storage size for apps w/ .so files

The lib directories are tagged with the apk install number,
so must be explicitly passed down to installd.

Change-Id: Iae8815afd6ba964f5b2ed86a0d04a91827391ed6
2013-05-01 18:55:10 -07:00
Ying Wang
8a0cb4ee0b Add liblog
Bug: 8580410
Change-Id: I2ca4fa00dde0b574df3619134836bcb9315bd506
2013-04-09 21:55:39 -07:00
Robert Craig
4d3fd4e998 Add seinfo parsing to PackageManagerService.
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory.  Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.

Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-25 17:37:51 -07:00
Nick Kralevich
d747129e1e installd: use correct header file.
This is a port of https://android-review.googlesource.com/52540 ,
which doesn't apply cleanly to master.

Change-Id: I2824bb7afd4e343b5dc8bed9f24002ec1dcbf07f
2013-02-28 16:59:13 -08:00
Nick Kralevich
a2d838a542 Revert "App home directories are now 0700 for targetSdkVersion > 17"
This reverts commit 7f5c84a0b2.

Bug: 7966399
Bug: 7208882
Change-Id: I9fb13cf06c0f6605f3d992525346b14fe3259c66
2013-01-09 16:00:53 -08:00
Nick Kralevich
7f5c84a0b2 App home directories are now 0700 for targetSdkVersion > 17
Have installd set an app's home directory permissions to
0700 if the app has targetSdkVersion > 17.

Bug: 7208882
Change-Id: Iaa4fc42fec69bc1abdfae53704d6264dd6fa965f
2012-12-14 11:53:14 -08:00
Nick Kralevich
f62d2851a8 remove unused code.
Change-Id: Iacc8b2664a0e404dfa554f223a44126c41581ae4
2012-12-12 10:38:54 -08:00
rpcraig
f1c3ffe5f0 Bug fix on installd with SELinux enabled kernel.
setfilecon is not required on libsymlinks when target
doesn't exist. A bootloop is caused without this
change.

Change-Id: Ia895d9063f42885a3db6e8ca30cee5dceb8c1bac
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-11-14 10:42:28 -08:00
Mike Lockwood
94afecf4b6 Move non-Java commands over from frameworks/base
Change-Id: I0571813c1cfcf66abd36eb9f178fc49b618e88a6
Signed-off-by: Mike Lockwood <lockwood@google.com>
2012-10-24 10:45:23 -07:00