From 7a514d6327d1b10a34431e05ae3f8fd752f23208 Mon Sep 17 00:00:00 2001
From: Calin Juravle
Date: Wed, 2 May 2018 23:39:19 -0700
Subject: Properly prepare system server profiles

Update the logic for system server profiles to work without disabling SELinux policies.

Test: check that system_server profile is created without disabling SElinux
Bug: 74081010
(cherry picked from commit 3f3a08ad0d93e29703597f780ff7d1b3b4a1facb)
Merged-Id: I63ffadfbe6850992634d0720fb077a4dc65b5736
Change-Id: I63ffadfbe6850992634d0720fb077a4dc65b5736
---
 core/java/com/android/internal/os/ZygoteInit.java | 40 +++++++++++++++++++----
 1 file changed, 33 insertions(+), 7 deletions(-)

diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index c8e71021956c..1e86e0eae64b 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -35,6 +35,7 @@ import android.os.ServiceSpecificException;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.Trace;
+import android.os.UserHandle;
 import android.os.ZygoteProcess;
 import android.os.storage.StorageManager;
 import android.security.keystore.AndroidKeyStoreProvider;
@@ -466,13 +467,7 @@ public class ZygoteInit {
 "dalvik.vm.profilesystemserver", false);
 if (profileSystemServer && (Build.IS_USERDEBUG || Build.IS_ENG)) {
 try {
- File profileDir = Environment.getDataProfilesDePackageDirectory(
- Process.SYSTEM_UID, "system_server");
- File profile = new File(profileDir, "primary.prof");
- profile.getParentFile().mkdirs();
- profile.createNewFile();
- String[] codePaths = systemServerClasspath.split(":");
- VMRuntime.registerAppInfo(profile.getPath(), codePaths);
+ prepareSystemServerProfile(systemServerClasspath);
 } catch (Exception e) {
 Log.wtf(TAG, "Failed to set up system server profile", e);
 }
@@ -514,6 +509,37 @@ public class ZygoteInit {
 /* should never reach here */
 }

+ /**
+ * Note that preparing the profiles for system server does not require special
+ * selinux permissions. From the installer perspective the system server is a regular package
+ * which can capture profile information.
+ */
+ private static void prepareSystemServerProfile(String systemServerClasspath)
+ throws RemoteException {
+ if (systemServerClasspath.isEmpty()) {
+ return;
+ }
+ String[] codePaths = systemServerClasspath.split(":");
+
+ final IInstalld installd = IInstalld.Stub
+ .asInterface(ServiceManager.getService("installd"));
+
+ String systemServerPackageName = "android";
+ String systemServerProfileName = "primary.prof";
+ installd.prepareAppProfile(
+ systemServerPackageName,
+ UserHandle.USER_SYSTEM,
+ UserHandle.getAppId(Process.SYSTEM_UID),
+ systemServerProfileName,
+ codePaths[0],
+ /*dexMetadata*/ null);
+
+ File profileDir = Environment.getDataProfilesDePackageDirectory(
+ UserHandle.USER_SYSTEM, systemServerPackageName);
+ String profilePath = new File(profileDir, systemServerProfileName).getAbsolutePath();
+ VMRuntime.registerAppInfo(profilePath, codePaths);
+ }
+
 public static void setApiBlacklistExemptions(String[] exemptions) {
 VMRuntime.getRuntime().setHiddenApiExemptions(exemptions);
 }
-- cgit v1.2.3-59-g8ed1b
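Review bot: The result of `installd.prepareAppProfile(...)` is discarded in `prepareSystemServerProfile` (the call returns a boolean in IInstalld), so `VMRuntime.registerAppInfo` is still pointed at the profile path when installd did not set the file up. `ServiceManager.getService("installd")` can also return null when the service is not registered, and the resulting NullPointerException is reported by the caller's `catch (Exception e)` in the earlier hunk only as a generic "Failed to set up system server profile". Only `codePaths[0]` is handed to installd while every entry is registered with the runtime, which deserves a one-line comment saying why the first entry is enough; a classpath consisting only of ":" also passes the `isEmpty()` guard but splits to an empty array. The fence below shows the two checks; everything else in the method stays as in the hunk.

```java
    // … unchanged: empty-classpath guard and split(":") …
    final IInstalld installd = IInstalld.Stub
            .asInterface(ServiceManager.getService("installd"));
    if (installd == null) {
        // getService() returns null when installd is not registered yet.
        throw new RemoteException("installd is not available");
    }
    // … unchanged: systemServerPackageName / systemServerProfileName …
    final boolean prepared = installd.prepareAppProfile(
            /* … unchanged: the six arguments … */);
    if (!prepared) {
        // Do not register a profile path that installd did not set up.
        throw new RemoteException("installd failed to prepare " + systemServerProfileName);
    }
    // … unchanged: profileDir lookup and VMRuntime.registerAppInfo(...) …
```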