| author | 2024-12-31 15:51:20 +0800 | |
|---|---|---|
| committer | 2025-01-02 14:02:21 +0800 | |
| commit | d55b27a6070ccd89dbb25ca40622be5656cc99e5 (patch) | |
| tree | 3202288897268466d94c14b6efa751329e2c73c7 | |
| parent | 8664e2056a7ea05c639b9ae021f2538bde9de409 (diff) | |
Remove pid record mapping after killing process
Some methods may enforce that the caller belongs to a valid process record.
If the record is removed before the process is killed, there can be a
rare window in which access by the still-running process is considered invalid.
Fix: 386548874
Flag: EXEMPT bugfix
Test: Hardcode delay:
SystemClock.sleep(SystemProperties.getInt("test-kill-delay", 0));
at the beginning of WindowManagerService#openSession
and before app.killLocked in removeProcessLocked.
adb shell setprop test-kill-delay 2000
Cold launch the target activity.
adb shell am stop-app $pkg
There is no exception when creating window Session from the app.
Change-Id: I4f440de6579e32dc5c6a885a0cc7243ba54695f4
| -rw-r--r-- | services/core/java/com/android/server/am/ProcessList.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java index bddde9d589f3..2216f2769826 100644 --- a/services/core/java/com/android/server/am/ProcessList.java +++ b/services/core/java/com/android/server/am/ProcessList.java @@ -3212,7 +3212,6 @@ public final class ProcessList { if ((pid > 0 && pid != ActivityManagerService.MY_PID) || (pid == 0 && app.isPendingStart())) { if (pid > 0) { - mService.removePidLocked(pid, app); app.setBindMountPending(false); mService.mHandler.removeMessages(PROC_START_TIMEOUT_MSG, app); mService.mBatteryStatsService.noteProcessFinish(app.processName, app.info.uid); @@ -3230,6 +3229,12 @@ public final class ProcessList { } } app.killLocked(reason, reasonCode, subReason, true, async); + if (pid > 0) { + // Remove pid record mapping after killing the process, so there won't be a short + // period that the app is still alive but its access to system may be illegal due + // to no existing record for its pid. + mService.removePidLocked(pid, app); + } mService.handleAppDiedLocked(app, pid, willRestart, allowRestart, false /* fromBinderDied */); if (willRestart) { |
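Review bot: In the second hunk the new `mService.removePidLocked(pid, app)` runs immediately after `app.killLocked(reason, reasonCode, subReason, true, async)`, and nothing visible shows that the kill has taken effect by then when `async` is true. If any part of the kill is deferred, the process could still issue calls after its pid record is gone, which is the window this commit sets out to close. The added comment should state that ordering assumption, for example `// Relies on killLocked() having signalled the process, including when async is true.`, or the removal should move to wherever a deferred kill completes. Per the commit message the pid record is what caller-validation checks consult, so it is also worth confirming that the statements between the old and new call sites (not all visible here) do not depend on the mapping already being absent. The enclosing method starts and ends outside the hunk.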