diff options
| author | 2017-09-13 14:21:00 +0100 | |
|---|---|---|
| committer | 2017-09-13 14:21:00 +0100 | |
| commit | 1f88ad66e14e5c4470eff7c450ee25f804d9ff72 (patch) | |
| tree | 63352b9e375ab7d72968de36f794bbe1ab95073f | |
| parent | 60eae6e621917756da348a2c4ef3185832915383 (diff) | |
Special handling of priv-apps in Zygote.
If pm.dexopt.priv-apps is set to false, disable verifier and
only allow loading oat files from system.
bug: 30972906
bug: 63920015
Test: works as expected when pm.dexopt.priv-apps is true or false
Change-Id: Ib9e80c9b7b4106e82c0b9d1c7fbb8065c190ac1f
| -rw-r--r-- | core/java/com/android/internal/os/Zygote.java | 5 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ActivityManagerService.java | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java index e159495770a3..ec12c0df47a8 100644 --- a/core/java/com/android/internal/os/Zygote.java +++ b/core/java/com/android/internal/os/Zygote.java @@ -51,6 +51,11 @@ public final class Zygote { /** Make the code Java debuggable by turning off some optimizations. */ public static final int DEBUG_JAVA_DEBUGGABLE = 1 << 8; + /** Turn off the verifier. */ + public static final int DISABLE_VERIFIER = 1 << 9; + /** Only use oat files located in /system. Otherwise use dex/jar/apk . */ + public static final int ONLY_USE_SYSTEM_OAT_FILES = 1 << 10; + /** No external storage should be mounted. */ public static final int MOUNT_EXTERNAL_NONE = 0; /** Default external storage should be mounted. */ diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index c699a56282ca..b7144d4faa1c 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -3871,6 +3871,12 @@ public class ActivityManagerService extends IActivityManager.Stub mNativeDebuggingApp = null; } + if (app.info.isPrivilegedApp() && + !SystemProperties.getBoolean("pm.dexopt.priv-apps", true)) { + runtimeFlags |= Zygote.DISABLE_VERIFIER; + runtimeFlags |= Zygote.ONLY_USE_SYSTEM_OAT_FILES; + } + String invokeWith = null; if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) { // Debuggable apps may include a wrapper script with their library directory. |