During package scan, only the primary user data directories were
checked. If the secondary user didn't have an application directory, it
would happily ignore it. The app would then crash upon startup.
Bug: 7391882
Change-Id: I1fa92aa27386104d4ac6bc5dc92bfbf2e7dfac9f
Amazingly, some apps still don't use the nativeLibraryPath. So add a lib
symlink for non-primary users to fix that.
Also, there was an error when the symlink existed that it would give up.
This shouldn't really happen, but in that case, just remove it and
create a new one to be safe.
Also, move the downgrade code to the appropriate place. This downgrade
case triggered the above symlink existing bug.
Bug: 7318366
Bug: 7371571
Change-Id: Ia175b36d98f00bdc2f2433b909aafd524eb34d15
Count the lib symlink against the app's code size. Also be sure to
look at the new separate lib path for apps, and tweak the size
counting to also count the size of directory entries.
Change-Id: I4b0fd5771f249faa05fd72f08062df885902cc97
Now we correctly iterate through the different user cache dirs.
Also update documentation to describe the new cache pruning behavior,
and deprecate the file modes for making files world readable/writable
which we really don't want people using any more.
Change-Id: I3708df3ddc697b1f5c511143cce7cc40a5a3d0bd
unlinklib is no longer necessary since libraries are now either stored
in an ASEC container or in /data/app-lib
Replace lib directory with a symlink to the /data/app-lib directory even
if it's a dangling link. That way developers don't name something "lib"
in their directory which gets blown away during an update.
Change-Id: I142cf13dba9c13aafbaf0ff8d5e9872cbf1cc910
installd was not creating a compatibility symlink when
installing a forward locked application. Fix.
Bug: 7121527
Change-Id: Ied507ab2b759d8658af563e6ac8f0dbb0d286cce
Make installd run with fewer privileges. This will help make
exploitation of installd based vulnerabilities more difficult
to perform.
installd now runs with the following privileges:
* CAP_DAC_OVERRIDE
* CAP_CHOWN
These two capabilities are needed to add and remove files
from application's home directories.
* CAP_SETUID
* CAP_SETGID
These permissions are needed to further drop privileges when
running dexopt as the application UID.
"installd" no longer runs with full root privileges. It cannot,
for example, mount and unmount filesystems, install modules,
perform direct I/O, etc.
Change-Id: Ib407e41e5e4c95f35a5c6a154812c5e8ae3006ed
To avoid downloading large OBB files separately for each user,
provide a shared view of /sdcard/Android/obb to all apps. Added
upgrade step to migrate the owners existing OBB files to become
the default view.
Bug: 7008879
Change-Id: I199321552fa7d4b97d5ed7fc3b3bc41f23618601
Most devices create the path in their init.rc, but create it just
to be sure. This fixes emulator boot failure.
Bug: 7058844
Change-Id: Icab3ce11c4304d972d13e1d9a0c269cfe05b9370
Introduce API to get per-user storage information, keep track
of services associated with users, and various small cleanup.
Change-Id: I5d4e784e7ff3cccfed627d66a090d2f464202634
Emulated external storage always has multi-user support using paths
like "/data/media/<user_id>". Creates and destroys these paths along
with user data. Uses new ensure_dir() to create directories while
always ensuring permissions.
Add external storage mount mode to zygote, supporting both single-
and multi-user devices. For example, devices with physical SD cards
are treated as single-user. Begin migrating to mount mode instead
of relying on sdcard_r GID to enforce READ_EXTERNAL_STORAGE.
Bug: 6925012
Change-Id: I9b872ded992cd078e2c013567d59f9f0032ec02b
The default umask changed, so we have to explicitly set the mode of the
lib directory when we create it in unlinklib.
Bug: 6857022
Change-Id: I06fc3f29e99d686bbbb96184d8c314d4cc57e9fe
This rewrites installd's code for deleting cache files to be better:
- Isn't really stupid about just deleting directories in the order
they are found on the filesytem; now collects all cache files and
sorts them by mod time to determine which to delete.
- Also deletes cache files in /data/media and for all users.
This also tweaks DeviceStorageMonitor to be a little smarter about
deciding when to flush cache files, having upper and lower limits
that it allows memory to get down to and then flash files to reach
the higher free storage limit. This should reduce the amount that
we perform flushing when starting to reach the storage limit.
Finally add a new pm command to force a cache flush.
Change-Id: I02229038e1ad553d1168393e5cb6d5025933271d
The latest push changed LOG(E|V) to ALOG(E|V) but it was not updated in HAVE_SELINUX blocks.
Change-Id: I626588589dd00775ba29f2a256ac29e481598dc3
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
...mismatched uid: X on disk, Y in settings" errors on Froyo and Gingerbread
Deal more gracefully with the uid changing in three ways:
1. If the uid on disk has become root, then have installd change it to
the application's uid. This is to correct a potential case where
installd was interrupted while linking or unlinking the libs dir,
during which it temporarily changes the owner of the dir to root
so that a malicious app can not get in its way. So if the uid on
disk has become root, we assume we can safely just change it back
to the correct uid.
2. When scaning packages at boot, use the same "delete and rebuild data
directory" code for third party applications as we have for system
applications. This allows us to at least end up in a state where the
app will run, even if its data is lost.
3. But we really don't want to get in to case 2, so if an application
update is being installed and we find that the uid we now have for
the app is different than the one on disk, fail the update. This will
protect against for example a developer changing the sharedUserId of
their app and getting into this bad state.
Bug: 6295373
Change-Id: Ic802fdd818ac62449ff3c61d1fff1aa4d4942f39
Make sure /data/user directory permissions get explicitly set
regardless of the system umask.
Change directory permissions to 0711. No need for read permissions.
Bug: 3272072
Change-Id: Ida7f3c6656f4e0c9d0a9f7648491cc853c4e44ca
Switching activity stacks
Cache ContentProvider per user
Long-press power to switch users (on phone)
Added ServiceMap for separating services by user
Launch PendingIntents on the correct user's uid
Fix task switching from Recents list
AppWidgetService is mostly working.
Commands added to pm and am to allow creating and switching profiles.
Change-Id: I15810e8cfbe50a04bd3323a7ef5a8ff4230870ed
installd already sets the UID/GID/mode for package directories.
Extend it to also call libselinux to set the SELinux security context.
Change-Id: I22d38e3e7facdfcee20a34bf30f1412dbb87761f
This broke with some other path-related changes, so it was scanning for
/data/*/cache instead of /data/data/*/cache
Also remove redundant call to restat
Bug: 5686310
Change-Id: Id1661f0f1337858fc9ead53c56ab7557f421c591
...for Market App iRunner
There were a lot of serious issues with how we updated (or often didn't update)
the display and resource state when switching compatibility mode in conjunction
with restarting and updating application components. This addresses everything
I could find.
Unfortunately it does *not* fix this particular app. I am starting to think this
is just an issue in the app. This change does fix a number of other problems
I could repro, such as switching the compatibility mode of an IME.
Also a few changes here and there to get rid of $#*&^!! debug logs.
Change-Id: Ib15572eac9ec93b4b9966ddcbbc830ce9dec1317
- Create /data/user directory and symlink /data/user/0 -> /data/data for
backward compatibility
- Create data directories for all packages for new user
- Remove data directories when removing a user
- Create data directories for all users when a package is created
- Clear / Remove data for multiple users
- Fixed a bug in verifying the location of a system app
- pm commands for createUser and removeUser (will be disabled later)
- symlink duplicate lib directories to the original lib directory
Change-Id: Id9fdfcf0e62406a8896aa811314dfc08d5f6ed95
* Add ability to select different personas to generate the path to be
created.
* Move hardcoded paths to read from init's set environment.
* Add unit tests for all the utility functions that build strings to
make sure they're correct.
* Fill in persona with "0" all the time now. Will be plumbed through in
later CL.
Change-Id: I0a7f6e3640cb6b052f8823080886ee79e90b679f
