From 198894291e3659187a963a6ac7c4e67c36f601cb Mon Sep 17 00:00:00 2001 From: Ricky Wai Date: Wed, 15 Jan 2020 01:59:00 +0000 Subject: Enable app data isolation by default Bug: 143937733 Test: Device boots normally Change-Id: Id936b70011e5aae64f701e571ac0b18f1ab6961e --- core/jni/com_android_internal_os_Zygote.cpp | 2 +- services/core/java/com/android/server/am/ProcessList.java | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 466544c1448e..85a03794ecb7 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -1331,7 +1331,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, // Isolated process / webview / app zygote should be gated by SELinux and file permission // so they can't even traverse CE / DE directories. if (pkg_data_info_list != nullptr - && GetBoolProperty(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false)) { + && GetBoolProperty(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true)) { isolateAppData(env, pkg_data_info_list, uid, process_name, managed_nice_name, fail_fn); } diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java index e11008c246dd..b7f867df04c2 100644 --- a/services/core/java/com/android/server/am/ProcessList.java +++ b/services/core/java/com/android/server/am/ProcessList.java 
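Review bot: The new default in `GetBoolProperty(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true)` is a second copy of the default that the ProcessList.java hunk also sets, and nothing visible ties the two literals together. As far as this hunk shows, SpecializeCommon evaluates the property on each specialization, whereas ProcessList reads it once after boot so that apps are not split between isolated and non-isolated. If the property changes at runtime the two sides can disagree, and with isolation now on by default that could mean newly specialized processes lose it without system_server noticing. I would add a comment above the condition, `// Default must match ProcessList.mAppDataIsolationEnabled; system_server caches it after boot`, and consider gating on `pkg_data_info_list != nullptr` alone if system_server only passes that list when isolation is enabled (to be confirmed against the caller). SpecializeCommon starts and ends outside this hunk.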
@@ -647,11 +647,10 @@ public final class ProcessList { // Get this after boot, and won't be changed until it's rebooted, as we don't // want some apps enabled while some apps disabled mAppDataIsolationEnabled = - SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, false); + SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true); mAppDataIsolationWhitelistedApps = new ArrayList<>( SystemConfig.getInstance().getAppDataIsolationWhitelistedApps()); - if (sKillHandler == null) { sKillThread = new ServiceThread(TAG + ":kill", THREAD_PRIORITY_BACKGROUND, true /* allowIo */); -- cgit v1.2.3-59-g8ed1b
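Review bot: The comment above `mAppDataIsolationEnabled` still explains only why the value is read once; it should now also record that isolation is on unless the property is explicitly set to false, for example `// Enabled by default; the property is an opt-out, read once after boot so every app gets the same setting`. Because the property is now the switch that turns a data-separation boundary off, a log line when it resolves to false would help anyone auditing a device where isolation is unexpectedly absent; this hunk shows none, though one may exist outside it. The blank line removed before `if (sKillHandler == null)` is an unrelated whitespace change that would sit better in its own commit. The enclosing method starts and ends outside the hunk.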