Commit Graph

153 Commits

Author SHA1 Message Date
Yevgeny Rouban
b0d8d00b29 Allow more than one dex2oat extra option
All extra options are provided as one argument to dex2oat.
The patch splits all options to individual ones.

Change-Id: Ied65bb9cf38b114611e88a8d5d86305021700d0b
Signed-off-by: Serguei Katkov <serguei.i.katkov@intel.com>
Signed-off-by: Yevgeny Rouban <yevgeny.y.rouban@intel.com>
2014-09-17 10:58:35 +00:00
Dan Albert
4355c0c986 am e1e3d278: Merge "Clean cruft out of makefiles."
* commit 'e1e3d278549eb6389eb0b5fa3f13a4ac079a55a2':
  Clean cruft out of makefiles.
2014-09-12 16:22:03 +00:00
Dan Albert
9e8b528926 resolved conflicts for merge of 07c9557f to lmp-dev-plus-aosp
Change-Id: Ic212ab2ee90b1cc7db7203210b047c870bb5c476
2014-09-12 09:00:50 -07:00
Dan Albert
b79dfe6721 Clean cruft out of makefiles.
Cleans up manual uses of stlport and bionic (and removes uses of private
bionic headers).

Change-Id: I157309d702e59152adfa3450939082248ae4c043
2014-09-11 18:49:47 -07:00
Chih-Hung Hsieh
99d9fb15b4 Fix warnings on unused variables and parameters.
BUG: 17474723
Change-Id: If40f5e765090cfb970e4129b78b1e74cf8bad217
2014-09-11 16:57:59 -07:00
Jeff Sharkey
0ffb91383f am 464e539c: Merge "Add new system APK locations." into lmp-dev
* commit '464e539cd3e931aaca99a67d0addc6d68bd96b3d':
  Add new system APK locations.
2014-09-09 16:44:52 +00:00
Jeff Sharkey
770180a4dd Add new system APK locations.
Add /system/priv-app and /oem/app paths to system paths.  Also allow
rmdex on system apps, and quietly ignore when it was already removed.

Also relax logging when clearing code cache, since it's optional.

Bug: 17205122
Change-Id: I4fc4d0f63a3596937c4defbd64e1f8a1c563f02d
2014-09-09 08:22:58 -07:00
Nick Kralevich
2a8bb978d5 am 51eec3b9: Merge "Fix relabeling of secondary user package directories."
* commit '51eec3b98788039afc5fd7ffe76612c7f8d9b39c':
  Fix relabeling of secondary user package directories.
2014-09-08 20:55:32 +00:00
Stephen Smalley
8ac2a648b6 Fix relabeling of secondary user package directories.
When relabeling secondary user package directories, we need to use
the uid of the directory rather than the primary package UID;
otherwise, levelFrom=user will not work correctly.

Change-Id: I0d76ec6ec6fe56a566023ca5e1398efdf28fc81e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-09-08 15:51:55 -04:00
Brian Carlstrom
ad2a4083fe am 8c1642ad: Merge "Remove obsolete prunedexcache"
* commit '8c1642ad4ea8fbeb7d03f30e5f50e03c28d40065':
  Remove obsolete prunedexcache
2014-08-29 11:39:54 +00:00
Alex Light
8b17ac6bd6 Remove obsolete prunedexcache
Bug: 16875245

(cherry picked from commit 5f727f8694)

Change-Id: I06e14c405aa4af295795982c1d236be3cb00e893
2014-08-28 16:54:54 -07:00
Alex Light
5f727f8694 Remove obsolete prunedexcache
Bug: 16875245

Change-Id: I06e14c405aa4af295795982c1d236be3cb00e893
2014-08-28 23:30:52 +00:00
Jeff Sharkey
18a9457edd am 7903c6a2: Merge "Make clear data stricter." into lmp-dev
* commit '7903c6a263354506ace10fc32aa65c231b64f62b':
  Make clear data stricter.
2014-08-27 18:26:20 +00:00
Jeff Sharkey
7903c6a263 Merge "Make clear data stricter." into lmp-dev 2014-08-27 17:58:35 +00:00
Jeff Sharkey
3316fe472f Make clear data stricter.
It should nuke everything under the data directory.  PMS will come
around and generate the lib symlink after we're finished.

Bug: 16739202
Change-Id: Ib70af2e1450e3bed6781fb497b9cc67e1e594c49
2014-08-27 10:46:28 -07:00
Calin Juravle
7330016a75 am 97477d20: Set compiler filter flag to true when vmSafeMode is present.
* commit '97477d203eaf0c3235bbe2415356f20a0431cada':
  Set compiler filter flag to true when vmSafeMode is present.
2014-08-27 16:33:27 +00:00
Calin Juravle
4f60ac2bbc Add vm_safe_mode to dexopt.
The flag enforces interpret-only flag for dex2oat.

Bug: 12457423

(cherry picked from commit b1efac1035)
(cherry picked from commit 97477d203e)

Change-Id: I215339527e998b24e274c8df42a5024839e6a9fa
2014-08-27 16:16:05 +01:00
Calin Juravle
97477d203e Set compiler filter flag to true when vmSafeMode is present.
Bug: 12457423
Change-Id: I33345c5cce76681d8a6592ebae8c9f96a9f0f8bd
2014-08-27 16:10:03 +01:00
Calin Juravle
2d509c0113 am 7de2bde3: Merge "Add vm_safe_mode to dexopt." into lmp-dev
* commit '7de2bde3c4c3a6ecc7e6f21e3f3322688b718c4a':
  Add vm_safe_mode to dexopt.
2014-08-26 19:28:57 +00:00
Calin Juravle
188fb813c1 am 20558f11: Merge "Pass isa features flag to dex2oat." into lmp-dev
* commit '20558f1154abcf3360fd972f6d2c80bb80f78502':
  Pass isa features flag to dex2oat.
2014-08-26 17:51:57 +00:00
Calin Juravle
e9eb12c291 Pass isa features flag to dex2oat.
Bug: 16716262

(cherry picked from commit 8fc7315a67)

Change-Id: I3cb1d82604612bc7212bcbdeef685bc05b695b6a
2014-08-26 18:48:30 +01:00
Calin Juravle
b1efac1035 Add vm_safe_mode to dexopt.
The flag enforces interpret-only flag for dex2oat.

Bug: 12457423
Change-Id: Ifdafcc1afa32996577fa44c5682eeb58c79772ac
2014-08-26 18:10:40 +01:00
Calin Juravle
8fc7315a67 Pass isa features flag to dex2oat.
Bug: 16716262
Change-Id: Ifbc3a1520bc177aa87855edb60c36346f24c77cd
2014-08-26 18:10:36 +01:00
Calin Juravle
01f481649d am c597b6dd: Fix validation of system paths in installd.
* commit 'c597b6dd895dbb2b28c757ce7a2651b3cdc9b00c':
  Fix validation of system paths in installd.
2014-08-22 14:54:28 +00:00
Calin Juravle
f53c08befc Fix validation of system paths in installd.
System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.

The CL fixes the validation to accept at most on subdirectory.

Bug: 17109858

(cherry picked from commit c597b6dd89)

Change-Id: Ic5f15d1864c6af9f4c4b07dc27244ebbb521ad5e
2014-08-22 15:33:30 +01:00
Calin Juravle
c597b6dd89 Fix validation of system paths in installd.
System apps are now installed under their own directory
(system_app_dir/app_dir/app.apk). The new path doesn't pass installd
validation because of obsolete checks which verify that the path does
not contain subdirectories past the system_app_dir.

The CL fixes the validation to accept at most on subdirectory.

Bug: 17109858
Change-Id: I13abb52c0016610ff436f6a26bb6b3b85dc4dfb0
2014-08-22 14:52:53 +01:00
Calin Juravle
c542d1141d am 67cfe0c0: Merge "Allow apk path to contain one subdirectory." into lmp-dev
* commit '67cfe0c0660c36ca385ad0eeb1352a2df721b49c':
  Allow apk path to contain one subdirectory.
2014-08-22 13:15:53 +00:00
Calin Juravle
9d76156266 Allow apk path to contain one subdirectory.
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.

Bug: 16888084

(cherry picked from commit fd88ff2edd)

Change-Id: I1002529b0c35852c67540d3165d1444523460592
2014-08-22 14:04:45 +01:00
Calin Juravle
fd88ff2edd Allow apk path to contain one subdirectory.
In the current directory layout this prevented rm_dex and move_dex
commands to validate the apk path and thus cleaning up resources.

Bug: 16888084
Change-Id: Iba579d075a9c6d7de047e7ffef95441498257086
2014-08-20 15:37:54 +01:00
Brian Carlstrom
46ab27e624 am e18987ef: Disable verification based on vold.decrypt. [frameworks/native]
* commit 'e18987efb5e39ca1bed15527b7b82bde55c99669':
  Disable verification based on vold.decrypt. [frameworks/native]
2014-08-15 17:20:38 +00:00
Brian Carlstrom
e18987efb5 Disable verification based on vold.decrypt. [frameworks/native]
Bug: 15165413
Change-Id: Ie70bf4e1348b7b8b2454cf9b498b272416d61c34
2014-08-15 09:57:55 -07:00
Brian Carlstrom
f7765c4a17 Disable verification based on vold.decrypt. [frameworks/native]
Bug: 15165413

(cherry picked from commit e18987efb5)

Change-Id: Ie55ef400c9d1f231b3be64248c756ac798a11ffe
2014-08-15 10:05:32 -07:00
Andreas Gampe
f12e678d4b am 1a22eb7b: Merge "Change an accidental ALOGE to an ALOGV"
* commit '1a22eb7ba1062ed1ee35cdb9d797019699cbce8b':
  Change an accidental ALOGE to an ALOGV
2014-08-11 20:00:46 +00:00
Andreas Gampe
1a22eb7ba1 Merge "Change an accidental ALOGE to an ALOGV" 2014-08-11 18:01:48 +00:00
Narayan Kamath
93b1b9a42c am 82e98c21: Merge "Use set_sched_policy to put dexopt operations in SP_BACKGROUND cgroup"
* commit '82e98c21f8606e0de8c6beb4372bc4ae9f52b515':
  Use set_sched_policy to put dexopt operations in SP_BACKGROUND cgroup
2014-08-11 17:36:11 +00:00
Brian Carlstrom
3b14e5b1f3 Use set_sched_policy to put dexopt operations in SP_BACKGROUND cgroup
Bug: 15927194

(cherry picked from commit 0378aaf257)

Change-Id: I462b5ac256c4d091ed4023cf4b97dd6a4abcaa5f
2014-08-11 18:31:03 +01:00
Alex Light
a7915d437c Change an accidental ALOGE to an ALOGV
Change-Id: If07bcef597dd9e531ce6d92c7780ba6ad5090f9a
2014-08-11 10:07:02 -07:00
Brian Carlstrom
0378aaf257 Use set_sched_policy to put dexopt operations in SP_BACKGROUND cgroup
Bug: 15927194
Change-Id: Id8bc188de68d62fd5f91a99aaaa6c8f2dea06abd
2014-08-08 22:10:06 -07:00
Brian Carlstrom
41cd9eb424 Disable compilation based on vold.decrypt. [frameworks/native]
Bug: 15165413

(cherry picked from commit 538998f204)

Change-Id: Idae36efa1cb3fb99b51fa0a79b6bb037981d1c71
2014-08-06 21:59:35 -07:00
Brian Carlstrom
9a87db6e1f Move from dalvik.vm.image-dex2oat-flags to dalvik.vm.dex2oat-filter [frameworks/native]
This will allow us to conditionally change the compiler-filter based on other properties.

Bug: 15165413

(cherry picked from commit cf51ba1360)

Change-Id: I6613c9710878d56ed8c121e0caded76a64430f76
2014-08-06 21:59:32 -07:00
Alex Light
43c5d30795 Make system use patchoat to relocate during runtime.
Make installd understand a patchoat directive and carry it out.

Bug: 15358152

(cherry picked from commit 7365a10689)

Change-Id: Id84a15e626ddde63876914068d3d9aa037abc65b
2014-08-06 16:27:55 -07:00
Brian Carlstrom
021843c78d am 8ce28672: Merge "Make system use patchoat to relocate during runtime."
* commit '8ce28672106956eeff6d0ed2d1d826ec192e58ee':
  Make system use patchoat to relocate during runtime.
2014-08-05 21:00:09 +00:00
Alex Light
7365a10689 Make system use patchoat to relocate during runtime.
Make installd understand a patchoat directive and carry it out.

Bug: 15358152

Change-Id: Ibe92d8b55a24bbf718b0416a21b76e5df7a2de26
2014-08-05 10:22:10 -07:00
Brian Carlstrom
755d35f5fa am 74b3ecf4: Merge "Disable compilation based on vold.decrypt. [frameworks/native]"
* commit '74b3ecf485254d8cb4ae2b1d4d5221454738a58d':
  Disable compilation based on vold.decrypt. [frameworks/native]
2014-08-04 18:37:31 +00:00
Brian Carlstrom
6461ddb4e1 am 9c49e21d: Merge "Move from dalvik.vm.image-dex2oat-flags to dalvik.vm.dex2oat-filter [frameworks/native]"
* commit '9c49e21d80cb55b7d77fdf118f06b88100141678':
  Move from dalvik.vm.image-dex2oat-flags to dalvik.vm.dex2oat-filter [frameworks/native]
2014-08-04 18:37:26 +00:00
Brian Carlstrom
538998f204 Disable compilation based on vold.decrypt. [frameworks/native]
Bug: 15165413
Change-Id: Ibc39ab82e02e42345c6e2667ac45884f2e0cf7a4
2014-08-04 11:25:45 -07:00
Brian Carlstrom
cf51ba1360 Move from dalvik.vm.image-dex2oat-flags to dalvik.vm.dex2oat-filter [frameworks/native]
This will allow us to conditionally change the compiler-filter based on other properties.

Bug: 15165413
Change-Id: Iff27dc2904f4f0d7c25a684cd6ba16a597f252fd
2014-07-30 14:36:35 -07:00
Elliott Hughes
6fd0408de1 am 4dd0d800: Merge "Fix implicit declaration of function \'prctl\' in installd."
* commit '4dd0d8008a84d1b8e5d9cae2a3491fa92b79c388':
  Fix implicit declaration of function 'prctl' in installd.
2014-07-19 00:38:11 +00:00
Elliott Hughes
119b765a05 Fix implicit declaration of function 'prctl' in installd.
(cherry picked from commit ec535c5ba5)

Change-Id: I3da977d85ce544b23ff00934fdbd201d683e9210
2014-07-18 17:30:32 -07:00
Elliott Hughes
ec535c5ba5 Fix implicit declaration of function 'prctl' in installd.
Change-Id: I469ee15a0a8a79d005b15aad5097b6c13c20ab7e
2014-07-18 17:29:15 -07:00
Jeff Sharkey
c796b681e5 Offer to delete code cache directories.
Bug: 16187224
Change-Id: Ia860b051a34ffdfb4f6e0ea19f90cb73509c4eee
2014-07-15 21:49:51 -07:00
Robin Lee
7c5be65f28 Merge "Rename 'mkuser' command to 'mkuserconfig'" 2014-07-04 08:02:36 +00:00
Brian Carlstrom
e46a75a0f6 Make dex2oat heap size product configurable [frameworks/native]
Bug: 15919420
Change-Id: I0e629ff4f7541f0dde7380e0dbc8dab1c13df7bd
2014-07-08 15:12:07 -07:00
Brian Carlstrom
53e0776d96 Use current max product dalvik.vm.heapsize as default dex2oat heap size
Bug: 15919420

(cherry picked from commit 3aa138617b)

Change-Id: I569ba111c6163e94dd1b09b21ef374f05d263e72
2014-06-27 14:19:36 -07:00
Narayan Kamath
357df19b14 Merge "Exclude subdirectories when pruning the dex cache." 2014-06-24 06:22:45 +00:00
Narayan Kamath
1e57e4af8a Exclude subdirectories when pruning the dex cache.
This requires a companion package manager change to prune
each instruction specific dex cache individually.

bug: 15677279

Change-Id: I5891981512bde20e49bff65b1842c28886f2b177
2014-06-20 17:46:58 +01:00
Brian Carlstrom
71f9956a23 Merge "Fix obsolete argument name" 2014-06-17 05:00:50 +00:00
Brian Carlstrom
7195fcc218 Fix obsolete argument name
Change-Id: I8030f055ee49dc86d4592f36791edddfc0d60a31
2014-06-16 13:28:03 -07:00
Narayan Kamath
8c9bcff892 Merge "Add an installd command to prune dex files." 2014-06-10 21:26:11 +00:00
Nick Kralevich
0db0f97d87 installd: change profile files to 0660
Profiling information leaks data about how people interact
with apps, so we don't want the data to be available
to other apps. Only the app and system_server need access.

Don't create the /data/dalvik-cache/profiles directory. init.rc
does it for us now.

Change-Id: Ic1b44009faa30d704855e97631006c4b990a4ad3
2014-06-12 14:54:43 -07:00
Calin Juravle
7281ca65d0 Merge "Pass --top-k-profile-threshold to dex2oat if available." 2014-06-10 21:26:11 +00:00
Robin Lee
7c8bec0179 Rename 'mkuser' command to 'mkuserconfig'
Brings the name more in line with what it actually does.

Change-Id: I0adb14deb1a035abdbe51714356bd0c94ccf04c5
2014-06-10 18:59:55 +01:00
Narayan Kamath
3aee2c5c74 Add an installd command to prune dex files.
This is a straightforward port of logic from
PackageManagerService#pruneDexFiles.

bug: 14407732

Change-Id: I892cff027ddcbb1a4fb37a7af5ecf1697049a188
2014-06-10 15:21:18 +01:00
Calin Juravle
4fdff46166 Pass --top-k-profile-threshold to dex2oat if available.
Also, don't pass --profile-file if the file is empty.
Bug: 12877748

Change-Id: I587d198e64da709930e2cea50a87fed1525281e5
2014-06-10 14:33:15 +01:00
Robin Lee
c4193f1fef Merge "Migrate keychain directories to /data/misc/user/0" 2014-06-09 12:44:34 +00:00
Calin Juravle
57c69c3964 Don't always add profile-file option to dex2oat
Add profile-file option to dex2oat only if the profiler is active and
the file exists.

Bug: 12877748
Bug: 15275634
Change-Id: Icef76514c912c88311ed108f2be7a6329131f741
2014-06-06 15:13:06 +01:00
Robin Lee
07053fcb61 Migrate keychain directories to /data/misc/user/0
With new CA certificates being stored in /data/misc/user/<userid>/
existing ones need to be moved into the same place.

After this update only the owner user will have custom trusted CAs; all
other users will revert to the default set.

Change-Id: I14a4cd6048685902ad5dd3b53494b03fadc41c04
2014-06-05 17:35:50 +00:00
Robin Lee
095c763dd9 Add installd command to create /data/misc user dir
New command 'mkuser <id>' sets up a user directory in /data/misc/user/,
readable by all apps within that user and writeable by the local system
process.

Change-Id: I5ddde8c4a80f606e723bb41aa64581a0720842d5
2014-06-05 14:34:15 +00:00
Brian Carlstrom
856bc78efc Move to dalvik.vm.lib.2 to force default to libart
Bug: 14298175

(cherry picked from commit c4ac3124ff)

Change-Id: I97cc3ff7a269e671b315afa8673dae43d1f86bf1
2014-05-28 14:48:36 -07:00
Stephen Smalley
3a98389263 Ensure that app lib symlinks are correctly labeled when created.
At present, the app lib symlinks are created before setting
the package directory security context, and therefore default
to system_data_file.  Upon a later restorecon_recursive,
they are relabeled to the same type as the package directory,
e.g. app_data_file.  Avoid this inconsistency by setting the
package directory security context before creating the symlink
so that it inherits the same security context.

Change-Id: I1ee6ccd8a2aa63a4d2efda67f313c97932235911
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-13 12:59:40 -04:00
Narayan Kamath
1b40032077 Add instruction-set arguments to installd commands.
The instruction-set is used to construct the dalvik cache
path and is also passed down to dex2oat.

(cherry picked from commit 791781bfb8)

Change-Id: I43396b16f6eaecacf0fb7d052526fc5a239167ac
2014-05-01 11:38:02 +01:00
Chih-Wei Huang
0e8ae16f08 Fix incorrect odex path handling
It's wrong to just concatenate the apk_path and .odex.
The bug prevents the prebuilt odex being used since Kitkat.

The patch is copied from the code of JellyBean.

Change-Id: I0ce8a877e3df8ae1ab9a0e3aeeef2d5253efc223
2014-04-28 14:08:16 -07:00
Stephen Smalley
a240733137 restorecon the profile directory.
This is required so that it will be assigned the correct SELinux
security context on first creation by installd.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-04-09 19:08:20 +00:00
Robert Craig
da30dc7336 Modify installd's restorecon function.
Changes above with PMS and below with libselinux
have resulted in a few changes to the restorecon data
api. This change is needed in order to support the new
way to issue a recursive restorecon of certain
/data/data directories.

The restorecondata function has also been modified to
find all users on the device for a given package name
(argument to the function) and to issue a separate
recursive restorecon call for each.

Change-Id: Ie440cba2c96f0907458086348197e1506d31c1b6
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-03-28 14:32:07 -04:00
Stephen Smalley
7abb52bcaf Send libselinux logging to logcat.
Otherwise we can't readily see log messages from libselinux calls
made by installd.

Change-Id: I319b30c181470468fe19dd5fbe9251ef03f1163b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-26 09:31:25 -04:00
Robert Craig
e9887e46ce Extend installd to support SELinux restorecon function.
Implement new restorecondata function which will allow
the relabeling of /data/data and /data/user directories.
This is needed in the case of certain OTAs. Not every
boot will apply this relabeling however. Consult change
I77bf2a0c4c34b1feef6fdf4d6c3bd92dbf32f4a1 for
clarification on this issue.

Change-Id: I05e8b438950ddb908e46c9168ea6ee601e6d674f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-03-19 17:37:48 +00:00
Mark Salyzyn
92dc3fc52c native frameworks: 64-bit compile issues
- Fix format (print/scanf)
- Suppress unused argument warning messages (bonus)

Change-Id: I05c7724d2aba6da1e82a86000e11f3a8fef4e728
2014-03-12 13:12:44 -07:00
Anwar Ghuloum
4bc054019d Fix parameter ordering for installd's dex2oat execl.
Change-Id: Ibd6fd46c6ec3137874f9a3d5eea134bc804e039a
2014-03-11 15:42:58 -07:00
Dave Allison
d93707342a ART profiler
Add args to the installd commands for profiler usage.
Make installd create the profile files and allow apps
to write to them.

The profile files are in /data/dalvik-cache/profiles.  This
central location is needed due to permissions issues with
dex2oat reading from an app's data directory.  The solution
is to put the profile file in a directory owned by the
install user and make the file writeable by the shared group
id of for the app.  The app can read and write to these files
only in the profiles directory.  The 'system' user also needs
to be able to read the files in order to determine the amount
of change to the file over time.

Bug: 12877748
Change-Id: I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f

Conflicts:
	cmds/installd/commands.c
2014-03-07 12:35:52 -08:00
Mathieu Chartier
f53dbfeda3 Don't pass in empty arg to dex2oat.
We would occassionally pass in an empty arg "" instead of a NULL.
This caused problems since dex2oat isn't made to handle empty args.

Change-Id: Ibb1aed64a4aa17459b2a75a5a2abcf13c7fa8ac7
2014-03-05 16:58:48 -08:00
Brian Carlstrom
0ae8e39ebc Add dalvik.vm.dex2oat-flags to mimic dalvik.vm.dexopt-flags
Change-Id: Ic048ed654ea0ae38c9684e5fa5b14742b6b83305
2014-03-04 14:11:55 -08:00
Ramin Zaghi
7400742285 Correcting include path in installd test project's Android.mk
installd project has moved from frameworks/base to frameworks/native
 and so its test project's c_include path defined in Android.mk
 has to match the change.

Change-Id: I597125ff659f51edbd9fc95371790e2d567c78be
2014-02-28 15:41:57 +00:00
Nick Kralevich
2044ac43e5 Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API." 2014-02-12 23:09:45 +00:00
Stephen Smalley
26288202e7 Convert all selinux_android_restorecon and _setfilecon calls to new API.
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.

Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.

Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-07 09:36:11 -05:00
Mårten Kongstad
63568b1430 Runtime resource overlay, iteration 2
Support any number of overlay packages. Support any target package.

UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes

    <overlay targetPackage="com.target.package"/>

For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.

THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').

UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.

Zygote initialization
   Initial AssetManager object created
+    idmap --scan creates idmaps for overlays targeting 'android', \
           stores list of overlays in /data/resource-cache/overlays.list
   AssetManager caches framework-res.apk
+  AssetManager caches overlay packages listed in overlays.list

Android boot
   New AssetManager's ResTable acquired
     AssetManager re-uses cached framework-res.apk
+    AssetManager re-uses cached 'android' overlays (if any)

App boot
   ActivityThread prepares AssetManager to load app.apk
+  ActivityThread prepares AssetManager to load app overlays (if any)
   New AssetManager's ResTable acquired as per Android boot

SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.

LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.

When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.

Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:

    <overlay targetPackage="com.target.package" priority="1234"/>

Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.

Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.

The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.

        +------+------+-     -+------+------+
        | 0x01 |      |  ...  |      | 0x7f |
        +------+------+-     -+------+------+
            |                           |
        "android"                Target package A
                                        |
                       Pre-installed overlay B (priority 1)
                                        |
                       Pre-installed overlay C (priority 2)

Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
2014-02-03 16:16:40 +01:00
Brian Carlstrom
0c05d3aca6 frameworks/native: Rename persist.sys.dalvik.vm.lib to allow new default
Bug: 12798969
Change-Id: I6b40317eceb3d89b0acff88238a9a9ab423c4d78
2014-01-30 13:16:53 -08:00
Stephen Smalley
47a351834f restorecon /data/media when re-creating it for multi-user upgrade.
Change-Id: I112c61863f2104d1962697c54cff25106e9b48a0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-17 16:04:20 -05:00
Nick Kralevich
bef08b8d1b Merge "Handle policy reloads within installd rather than restarting it." 2013-11-27 21:09:13 +00:00
Nick Kralevich
e4e91c4ead resolved conflicts for merge of e678897f to klp-dev-plus-aosp
Change-Id: Ie2a5e7a917ab7f5a0ee98300b880d22c7a10bf70
2013-09-20 12:45:20 -07:00
Robert Craig
880d1a957e Proper security labeling of multi-user data directories.
Add seinfo paramater to appropriate make directory
functions. This allows proper labeling for multi-user
scenarios.

Change-Id: Iaba7c40645bc7b6cc823d613da0c3782acf6ddd5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-09-18 13:21:12 +00:00
Stephen Smalley
bd558d6187 Handle policy reloads within installd rather than restarting it.
Restarting installd upon policy reloads has reportedly caused
stability problems for some users.  Stop restarting installd
and instead handle policy reloads within it.

Change-Id: I697a736d8e414cfc6cfa131ed7b97c7f7694d022
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-07-26 15:48:07 -04:00
Jeff Sharkey
abe4fe5b46 Change legacy "persona" references to userid_t.
Offers stronger typing with no functional change.

Change-Id: I09f0262470feec5cfdf26658f998c20550af84d4
2013-07-15 15:16:10 -07:00
Brian Carlstrom
e7a8b17e37 Renaming dalvik.vm.lib to persist.sys.dalvik.vm.lib
Change-Id: If31695e04bb813eb75b2fdd00e5d70ced4fbb0e9
2013-07-10 09:51:20 -07:00
Brian Carlstrom
1705fc44fb Moving dex2oat installd patches from frameworks/base
(cherry picked from commit 3fa3a652ba9a7c5b23b6f2bc7c1851d4e23e430f)

Change-Id: I2f9bb66e1b0463bef41805f2d220160880121813
2013-06-19 23:20:49 -07:00
Dianne Hackborn
8b41780d73 Fix issue #8768456: Settings > App Info under reports...
...app storage size for apps w/ .so files

The lib directories are tagged with the apk install number,
so must be explicitly passed down to installd.

Change-Id: Iae8815afd6ba964f5b2ed86a0d04a91827391ed6
2013-05-01 18:55:10 -07:00
Ying Wang
8a0cb4ee0b Add liblog
Bug: 8580410
Change-Id: I2ca4fa00dde0b574df3619134836bcb9315bd506
2013-04-09 21:55:39 -07:00
Robert Craig
4d3fd4e998 Add seinfo parsing to PackageManagerService.
This patch set allows the PMS to parse the
mac_permissions.xml file which contains the
seinfo values. Each package that is installed
on the device will be assigned an seinfo value
based on policy. This seinfo value will help label
the app process and data directory.  Modifications
include adjustments to ApplicationInfo.java
to store the seinfo tag per package as well as
adjustments to installd to communicate the seinfo
tag to libselinux.

Change-Id: I61ad1ea12fb6a9a6d0b108ec163bc4bf4c954b58
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-25 17:37:51 -07:00
Nick Kralevich
d747129e1e installd: use correct header file.
This is a port of https://android-review.googlesource.com/52540 ,
which doesn't apply cleanly to master.

Change-Id: I2824bb7afd4e343b5dc8bed9f24002ec1dcbf07f
2013-02-28 16:59:13 -08:00
Nick Kralevich
a2d838a542 Revert "App home directories are now 0700 for targetSdkVersion > 17"
This reverts commit 7f5c84a0b2.

Bug: 7966399
Bug: 7208882
Change-Id: I9fb13cf06c0f6605f3d992525346b14fe3259c66
2013-01-09 16:00:53 -08:00
Nick Kralevich
7f5c84a0b2 App home directories are now 0700 for targetSdkVersion > 17
Have installd set an app's home directory permissions to
0700 if the app has targetSdkVersion > 17.

Bug: 7208882
Change-Id: Iaa4fc42fec69bc1abdfae53704d6264dd6fa965f
2012-12-14 11:53:14 -08:00