diff options
| author | 2019-02-08 00:36:00 +0000 | |
|---|---|---|
| committer | 2019-02-08 00:36:00 +0000 | |
| commit | 82c999d7f93b8d0704d6f89011f1dbd39b51ba2a (patch) | |
| tree | 7e401e3787103dcf3207f371f6537a3cee5596f2 | |
| parent | aa5f08ea723f792628a1e88248678e6fc24e6574 (diff) | |
| parent | 03fd40b36e1823d12f5c8b89212a708c7a866cfd (diff) | |
Merge "Remove sandbox specific bind mounts from root namespace."
| -rw-r--r-- | core/java/android/os/Process.java | 6 | ||||
| -rw-r--r-- | core/java/android/os/ZygoteProcess.java | 11 | ||||
| -rw-r--r-- | core/java/android/os/storage/StorageManagerInternal.java | 5 | ||||
| -rw-r--r-- | core/java/com/android/internal/os/Zygote.java | 15 | ||||
| -rw-r--r-- | core/java/com/android/internal/os/ZygoteArguments.java | 8 | ||||
| -rw-r--r-- | core/java/com/android/internal/os/ZygoteConnection.java | 2 | ||||
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 58 | ||||
| -rw-r--r-- | services/core/java/com/android/server/StorageManagerService.java | 11 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ProcessList.java | 11 |
9 files changed, 73 insertions, 54 deletions
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java index d2ab053eb4e6..9e97e375753c 100644 --- a/core/java/android/os/Process.java +++ b/core/java/android/os/Process.java @@ -526,11 +526,12 @@ public class Process { @Nullable String packageName, @Nullable String[] packagesForUid, @Nullable String[] visibleVols, + @Nullable String sandboxId, @Nullable String[] zygoteArgs) { return ZYGOTE_PROCESS.start(processClass, niceName, uid, gid, gids, runtimeFlags, mountExternal, targetSdkVersion, seInfo, abi, instructionSet, appDataDir, invokeWith, packageName, - packagesForUid, visibleVols, /*useBlastulaPool=*/ true, zygoteArgs); + packagesForUid, visibleVols, sandboxId, /*useBlastulaPool=*/ true, zygoteArgs); } /** @hide */ @@ -547,11 +548,12 @@ public class Process { @Nullable String packageName, @Nullable String[] packagesForUid, @Nullable String[] visibleVols, + @Nullable String sandboxId, @Nullable String[] zygoteArgs) { return WebViewZygote.getProcess().start(processClass, niceName, uid, gid, gids, runtimeFlags, mountExternal, targetSdkVersion, seInfo, abi, instructionSet, appDataDir, invokeWith, packageName, - packagesForUid, visibleVols, /*useBlastulaPool=*/ false, zygoteArgs); + packagesForUid, visibleVols, sandboxId, /*useBlastulaPool=*/ false, zygoteArgs); } /** diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java index e94ad2b8989e..ee3d35427b29 100644 --- a/core/java/android/os/ZygoteProcess.java +++ b/core/java/android/os/ZygoteProcess.java @@ -324,13 +324,15 @@ public class ZygoteProcess { @Nullable String packageName, @Nullable String[] packagesForUid, @Nullable String[] visibleVols, + @Nullable String sandboxId, boolean useBlastulaPool, @Nullable String[] zygoteArgs) { try { return startViaZygote(processClass, niceName, uid, gid, gids, runtimeFlags, mountExternal, targetSdkVersion, seInfo, abi, instructionSet, appDataDir, invokeWith, /*startChildZygote=*/false, - packageName, packagesForUid, visibleVols, useBlastulaPool, zygoteArgs); + packageName, packagesForUid, visibleVols, sandboxId, + useBlastulaPool, zygoteArgs); } catch (ZygoteStartFailedEx ex) { Log.e(LOG_TAG, "Starting VM process through Zygote failed"); @@ -541,6 +543,7 @@ public class ZygoteProcess { @Nullable String packageName, @Nullable String[] packagesForUid, @Nullable String[] visibleVols, + @Nullable String sandboxId, boolean useBlastulaPool, @Nullable String[] extraArgs) throws ZygoteStartFailedEx { @@ -639,6 +642,10 @@ public class ZygoteProcess { argsForZygote.add(sb.toString()); } + if (sandboxId != null) { + argsForZygote.add("--sandbox-id=" + sandboxId); + } + argsForZygote.add(processClass); if (extraArgs != null) { @@ -1014,7 +1021,7 @@ public class ZygoteProcess { gids, runtimeFlags, 0 /* mountExternal */, 0 /* targetSdkVersion */, seInfo, abi, instructionSet, null /* appDataDir */, null /* invokeWith */, true /* startChildZygote */, null /* packageName */, - null /* packagesForUid */, null /* visibleVolumes */, + null /* packagesForUid */, null /* visibleVolumes */, null /* sandboxId */, false /* useBlastulaPool */, extraArgs); } catch (ZygoteStartFailedEx ex) { throw new RuntimeException("Starting child-zygote through Zygote failed", ex); diff --git a/core/java/android/os/storage/StorageManagerInternal.java b/core/java/android/os/storage/StorageManagerInternal.java index f521c683896e..03b2c2c4c6f2 100644 --- a/core/java/android/os/storage/StorageManagerInternal.java +++ b/core/java/android/os/storage/StorageManagerInternal.java @@ -132,4 +132,9 @@ public abstract class StorageManagerInternal { * @param listener The listener that will be notified on reset events. */ public abstract void addResetListener(ResetListener listener); + + /** + * Return the sandboxId for the given package on external storage. + */ + public abstract String getSandboxId(String packageName); } diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java index 8b669d5db8df..40d78688cb4c 100644 --- a/core/java/com/android/internal/os/Zygote.java +++ b/core/java/com/android/internal/os/Zygote.java @@ -254,14 +254,14 @@ public final class Zygote { public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir, - String packageName, String[] packagesForUID, String[] visibleVolIDs) { + String packageName, String[] packagesForUID, String[] visibleVolIDs, String sandboxId) { ZygoteHooks.preFork(); // Resets nice priority for zygote process. resetNicePriority(); int pid = nativeForkAndSpecialize( uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo, niceName, fdsToClose, fdsToIgnore, startChildZygote, instructionSet, appDataDir, packageName, - packagesForUID, visibleVolIDs); + packagesForUID, visibleVolIDs, sandboxId); // Enable tracing as soon as possible for the child process. if (pid == 0) { Trace.setTracingEnabled(true, runtimeFlags); @@ -276,7 +276,8 @@ public final class Zygote { private static native int nativeForkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet, - String appDataDir, String packageName, String[] packagesForUID, String[] visibleVolIDs); + String appDataDir, String packageName, String[] packagesForUID, String[] visibleVolIDs, + String sandboxId); /** * Specialize a Blastula instance. The current VM must have been started @@ -302,11 +303,11 @@ public final class Zygote { public static void specializeBlastula(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, boolean startChildZygote, String instructionSet, String appDataDir, String packageName, - String[] packagesForUID, String[] visibleVolIDs) { + String[] packagesForUID, String[] visibleVolIDs, String sandboxId) { nativeSpecializeBlastula(uid, gid, gids, runtimeFlags, rlimits, mountExternal, seInfo, niceName, startChildZygote, instructionSet, appDataDir, - packageName, packagesForUID, visibleVolIDs); + packageName, packagesForUID, visibleVolIDs, sandboxId); // Enable tracing as soon as possible for the child process. Trace.setTracingEnabled(true, runtimeFlags); @@ -326,7 +327,7 @@ public final class Zygote { private static native void nativeSpecializeBlastula(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, boolean startChildZygote, String instructionSet, String appDataDir, String packageName, - String[] packagesForUID, String[] visibleVolIDs); + String[] packagesForUID, String[] visibleVolIDs, String sandboxId); /** * Called to do any initialization before starting an application. @@ -638,7 +639,7 @@ public final class Zygote { args.mRuntimeFlags, rlimits, args.mMountExternal, args.mSeInfo, args.mNiceName, args.mStartChildZygote, args.mInstructionSet, args.mAppDataDir, args.mPackageName, - args.mPackagesForUid, args.mVisibleVolIds); + args.mPackagesForUid, args.mVisibleVolIds, args.mSandboxId); if (args.mNiceName != null) { Process.setArgV0(args.mNiceName); diff --git a/core/java/com/android/internal/os/ZygoteArguments.java b/core/java/com/android/internal/os/ZygoteArguments.java index 24a08ca5b1e0..e6bcd37ad3e5 100644 --- a/core/java/com/android/internal/os/ZygoteArguments.java +++ b/core/java/com/android/internal/os/ZygoteArguments.java @@ -119,6 +119,9 @@ class ZygoteArguments { /** from --visible-vols */ String[] mVisibleVolIds; + /** from --sandbox-id */ + String mSandboxId; + /** * Any args after and including the first non-option arg (or after a '--') */ @@ -385,6 +388,11 @@ class ZygoteArguments { mPackagesForUid = arg.substring(arg.indexOf('=') + 1).split(","); } else if (arg.startsWith("--visible-vols=")) { mVisibleVolIds = arg.substring(arg.indexOf('=') + 1).split(","); + } else if (arg.startsWith("--sandbox-id=")) { + if (mSandboxId != null) { + throw new IllegalArgumentException("Duplicate arg specified"); + } + mSandboxId = arg.substring(arg.indexOf('=') + 1); } else { break; } diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java index 4ac7f5012613..9cf7e2770e86 100644 --- a/core/java/com/android/internal/os/ZygoteConnection.java +++ b/core/java/com/android/internal/os/ZygoteConnection.java @@ -258,7 +258,7 @@ class ZygoteConnection { parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo, parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote, parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mPackageName, - parsedArgs.mPackagesForUid, parsedArgs.mVisibleVolIds); + parsedArgs.mPackagesForUid, parsedArgs.mVisibleVolIds, parsedArgs.mSandboxId); try { if (pid == 0) { diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 0ef4f874f583..bbe89d60c7f5 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -620,15 +620,10 @@ static void CreatePkgSandbox(uid_t uid, const std::string& package_name, fail_fn static void BindMount(const std::string& sourceDir, const std::string& targetDir, fail_fn_t fail_fn) { if (TEMP_FAILURE_RETRY(mount(sourceDir.c_str(), targetDir.c_str(), nullptr, - MS_BIND | MS_REC, nullptr)) == -1) { + MS_BIND, nullptr)) == -1) { fail_fn(CREATE_ERROR("Failed to mount %s to %s: %s", sourceDir.c_str(), targetDir.c_str(), strerror(errno))); } - - if (TEMP_FAILURE_RETRY(mount(nullptr, targetDir.c_str(), nullptr, - MS_SLAVE | MS_REC, nullptr)) == -1) { - fail_fn(CREATE_ERROR("Failed to set MS_SLAVE for %s", targetDir.c_str())); - } } static void MountPkgSpecificDir(const std::string& mntSourceRoot, @@ -646,24 +641,8 @@ static void MountPkgSpecificDir(const std::string& mntSourceRoot, static void PreparePkgSpecificDirs(const std::vector<std::string>& packageNames, const std::vector<std::string>& volumeLabels, - bool mountAllObbs, userid_t userId, fail_fn_t fail_fn) { - if (volumeLabels.size() > 0) { - std::string sandboxDataDir = StringPrintf("/storage/%s", volumeLabels[0].c_str()); - if (volumeLabels[0] == "emulated") { - StringAppendF(&sandboxDataDir, "/%d", userId); - } - StringAppendF(&sandboxDataDir, "/Android/data/%s", packageNames[0].c_str()); - struct stat sb; - if (TEMP_FAILURE_RETRY(lstat(sandboxDataDir.c_str(), &sb)) == -1) { - if (errno == ENOENT) { - ALOGD("Sandbox not fully prepared for %s", sandboxDataDir.c_str()); - return; - } else { - fail_fn(CREATE_ERROR("Failed to lstat %s: %s", - sandboxDataDir.c_str(), strerror(errno))); - } - } - } + bool mountAllObbs, const std::string& sandboxId, + userid_t userId, fail_fn_t fail_fn) { for (auto& label : volumeLabels) { std::string mntSource = StringPrintf("/mnt/runtime/write/%s", label.c_str()); std::string mntTarget = StringPrintf("/storage/%s", label.c_str()); @@ -672,6 +651,10 @@ static void PreparePkgSpecificDirs(const std::vector<std::string>& packageNames, StringAppendF(&mntTarget, "/%d", userId); } + std::string sandboxSource = StringPrintf("%s/Android/sandbox/%s", + mntSource.c_str(), sandboxId.c_str()); + BindMount(sandboxSource, mntTarget, fail_fn); + for (auto& package : packageNames) { MountPkgSpecificDir(mntSource, mntTarget, package, "data", fail_fn); MountPkgSpecificDir(mntSource, mntTarget, package, "media", fail_fn); @@ -693,7 +676,8 @@ static void PreparePkgSpecificDirs(const std::vector<std::string>& packageNames, static void MountEmulatedStorage(uid_t uid, jint mount_mode, bool force_mount_namespace, const std::string& package_name, const std::vector<std::string>& packages_for_uid, - const std::vector<std::string>& visible_vol_ids, fail_fn_t fail_fn) { + const std::vector<std::string>& visible_vol_ids, const std::string& sandbox_id, + fail_fn_t fail_fn) { // See storage config details at http://source.android.com/tech/storage/ String8 storageSource; @@ -744,7 +728,7 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, strerror(errno))); } } else { - if (package_name.empty()) { + if (package_name.empty() || sandbox_id.empty()) { return; } @@ -790,7 +774,7 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, // care of by vold later. if (sandboxAlreadyCreated) { PreparePkgSpecificDirs(packages_for_uid, visible_vol_ids, - mount_mode == MOUNT_EXTERNAL_INSTALLER, user_id, fail_fn); + mount_mode == MOUNT_EXTERNAL_INSTALLER, sandbox_id, user_id, fail_fn); } } } else { @@ -1127,7 +1111,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, bool is_child_zygote, jstring managed_instruction_set, jstring managed_app_data_dir, jstring managed_package_name, jobjectArray managed_pacakges_for_uid, - jobjectArray managed_visible_vol_ids) { + jobjectArray managed_visible_vol_ids, jstring managed_sandbox_id) { const char* process_name = is_system_server ? "system_server" : "zygote"; auto fail_fn = std::bind(ZygoteFailure, env, process_name, managed_nice_name, _1); auto extract_fn = std::bind(ExtractJString, env, process_name, managed_nice_name, _1); @@ -1137,6 +1121,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, auto instruction_set = extract_fn(managed_instruction_set); auto app_data_dir = extract_fn(managed_app_data_dir); auto package_name = extract_fn(managed_package_name); + auto sandbox_id = extract_fn(managed_sandbox_id); // Keep capabilities across UID change, unless we're staying root. if (uid != 0) { @@ -1179,7 +1164,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, value_or(std::vector<std::string>()); MountEmulatedStorage(uid, mount_external, use_native_bridge, package_name.value(), - packages_for_uid, visible_vol_ids, fail_fn); + packages_for_uid, visible_vol_ids, sandbox_id.value_or(""), fail_fn); // If this zygote isn't root, it won't be able to create a process group, // since the directory is owned by root. @@ -1479,7 +1464,7 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize( jint mount_external, jstring se_info, jstring nice_name, jintArray managed_fds_to_close, jintArray managed_fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jstring package_name, - jobjectArray packages_for_uid, jobjectArray visible_vol_ids) { + jobjectArray packages_for_uid, jobjectArray visible_vol_ids, jstring sandbox_id) { jlong capabilities = CalculateCapabilities(env, uid, gid, gids, is_child_zygote); if (UNLIKELY(managed_fds_to_close == nullptr)) { @@ -1511,7 +1496,7 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize( capabilities, capabilities, mount_external, se_info, nice_name, false, is_child_zygote == JNI_TRUE, instruction_set, app_data_dir, - package_name, packages_for_uid, visible_vol_ids); + package_name, packages_for_uid, visible_vol_ids, sandbox_id); } return pid; } @@ -1537,7 +1522,7 @@ static jint com_android_internal_os_Zygote_nativeForkSystemServer( SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, permitted_capabilities, effective_capabilities, MOUNT_EXTERNAL_DEFAULT, nullptr, nullptr, true, - false, nullptr, nullptr, nullptr, nullptr, nullptr); + false, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr); } else if (pid > 0) { // The zygote process checks whether the child process has died or not. ALOGI("System server process %d has been created", pid); @@ -1691,14 +1676,15 @@ static void com_android_internal_os_Zygote_nativeSpecializeBlastula( jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, - jstring package_name, jobjectArray packages_for_uid, jobjectArray visible_vol_ids) { + jstring package_name, jobjectArray packages_for_uid, jobjectArray visible_vol_ids, + jstring sandbox_id) { jlong capabilities = CalculateCapabilities(env, uid, gid, gids, is_child_zygote); SpecializeCommon(env, uid, gid, gids, runtime_flags, rlimits, capabilities, capabilities, mount_external, se_info, nice_name, false, is_child_zygote == JNI_TRUE, instruction_set, app_data_dir, - package_name, packages_for_uid, visible_vol_ids); + package_name, packages_for_uid, visible_vol_ids, sandbox_id); } /** @@ -1789,7 +1775,7 @@ static const JNINativeMethod gMethods[] = { { "nativeSecurityInit", "()V", (void *) com_android_internal_os_Zygote_nativeSecurityInit }, { "nativeForkAndSpecialize", - "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;)I", + "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;)I", (void *) com_android_internal_os_Zygote_nativeForkAndSpecialize }, { "nativeForkSystemServer", "(II[II[[IJJ)I", (void *) com_android_internal_os_Zygote_nativeForkSystemServer }, @@ -1804,7 +1790,7 @@ static const JNINativeMethod gMethods[] = { { "nativeForkBlastula", "(II[I)I", (void *) com_android_internal_os_Zygote_nativeForkBlastula }, { "nativeSpecializeBlastula", - "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;)V", + "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/String;Ljava/lang/String;)V", (void *) com_android_internal_os_Zygote_nativeSpecializeBlastula }, { "nativeGetSocketFDs", "(Z)V", (void *) com_android_internal_os_Zygote_nativeGetSocketFDs }, diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index f2329d3ebf8e..e7d7434b5dc8 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -4013,7 +4013,7 @@ class StorageManagerService extends IStorageManager.Stub return; } userPackages.add(packageName); - sandboxId = getSandboxId(packageName, sharedUserId); + sandboxId = StorageManagerService.this.getSandboxId(packageName, sharedUserId); } try { @@ -4028,7 +4028,8 @@ class StorageManagerService extends IStorageManager.Stub if (!ENABLE_ISOLATED_STORAGE) { return; } - final String sandboxId = getSandboxId(packageName, sharedUserId); + final String sandboxId = StorageManagerService.this.getSandboxId( + packageName, sharedUserId); synchronized (mPackagesLock) { final ArraySet<String> userPackages = mPackages.get(userId); // If the userPackages is null, it means the user is not started but we still @@ -4056,6 +4057,12 @@ class StorageManagerService extends IStorageManager.Stub return visibleVolsForUser.toArray(new String[visibleVolsForUser.size()]); } + @Override + public String getSandboxId(String packageName) { + return StorageManagerService.this.getSandboxId(packageName, + mPmInternal.getSharedUserIdForPackage(packageName)); + } + private String getVolumeLabel(VolumeInfo vol) { // STOPSHIP: Label needs to part of VolumeInfo and need to be passed on from vold switch (vol.getType()) { diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java index 69cf54b5528a..6ae671f539da 100644 --- a/services/core/java/com/android/server/am/ProcessList.java +++ b/services/core/java/com/android/server/am/ProcessList.java @@ -1740,8 +1740,11 @@ public final class ProcessList { try { final String[] packageNames = mService.mContext.getPackageManager() .getPackagesForUid(uid); - final String[] visibleVolIds = LocalServices.getService(StorageManagerInternal.class) + final StorageManagerInternal storageManagerInternal = + LocalServices.getService(StorageManagerInternal.class); + final String[] visibleVolIds = storageManagerInternal .getVisibleVolumesForUser(UserHandle.getUserId(uid)); + final String sandboxId = storageManagerInternal.getSandboxId(app.info.packageName); Trace.traceBegin(Trace.TRACE_TAG_ACTIVITY_MANAGER, "Start proc: " + app.processName); checkSlow(startTime, "startProcess: asking zygote to start proc"); @@ -1751,7 +1754,7 @@ public final class ProcessList { app.processName, uid, uid, gids, runtimeFlags, mountExternal, app.info.targetSdkVersion, seInfo, requiredAbi, instructionSet, app.info.dataDir, null, app.info.packageName, - packageNames, visibleVolIds, + packageNames, visibleVolIds, sandboxId, new String[] {PROC_START_SEQ_IDENT + app.startSeq}); } else if (hostingType.equals("app_zygote")) { final AppZygote appZygote = createAppZygoteForProcessIfNeeded(app); @@ -1760,14 +1763,14 @@ public final class ProcessList { app.processName, uid, uid, gids, runtimeFlags, mountExternal, app.info.targetSdkVersion, seInfo, requiredAbi, instructionSet, app.info.dataDir, null, app.info.packageName, - packageNames, visibleVolIds, /*useBlastulaPool=*/ false, + packageNames, visibleVolIds, sandboxId, /*useBlastulaPool=*/ false, new String[] {PROC_START_SEQ_IDENT + app.startSeq}); } else { startResult = Process.start(entryPoint, app.processName, uid, uid, gids, runtimeFlags, mountExternal, app.info.targetSdkVersion, seInfo, requiredAbi, instructionSet, app.info.dataDir, invokeWith, app.info.packageName, - packageNames, visibleVolIds, + packageNames, visibleVolIds, sandboxId, new String[] {PROC_START_SEQ_IDENT + app.startSeq}); } checkSlow(startTime, "startProcess: returned from zygote!"); |