From a0c283eac33dd2da72235751bbfa4f2d9898d5ea Mon Sep 17 00:00:00 2001
From: Dianne Hackborn <hackbod@google.com>
Date: Thu, 9 Feb 2012 10:47:01 -0800
Subject: Add new feature for running services in "isolated" sandbox processes.

This reserves a range of uids (for each user) in which these processes
run.  These uids are not associated with an application, so they
effectively run with no permissions.  When a Service requests to
run in such a process through android:isolatedProcess="true", each
time it is brought up a new isolated process is started with its
own unique uid.

What we have so far gives us the basic infrastructure; more work
remains to further lock down what these uids have access to.

Change-Id: Ibfd27c75619cba61f528f46ede9113f98dc5f45b
---
 core/java/android/app/ActivityThread.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'core/java/android/app/ActivityThread.java')

diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index e4cfc9948704..bf632a9b0caa 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -134,7 +134,7 @@ public final class ActivityThread {
     private static final boolean DEBUG_RESULTS = false;
     private static final boolean DEBUG_BACKUP = true;
     private static final boolean DEBUG_CONFIGURATION = false;
-    private static final boolean DEBUG_SERVICE = true;
+    private static final boolean DEBUG_SERVICE = false;
     private static final long MIN_TIME_BETWEEN_GCS = 5*1000;
     private static final Pattern PATTERN_SEMICOLON = Pattern.compile(";");
     private static final int SQLITE_MEM_RELEASED_EVENT_LOG_TAG = 75003;
@@ -3764,13 +3764,17 @@ public final class ActivityThread {
     }
 
     private void setupGraphicsSupport(LoadedApk info) {
+        if (Process.isIsolated()) {
+            // Isolated processes aren't going to do UI.
+            return;
+        }
         try {
             int uid = Process.myUid();
             String[] packages = getPackageManager().getPackagesForUid(uid);
 
             // If there are several packages in this application we won't
             // initialize the graphics disk caches 
-            if (packages.length == 1) {
+            if (packages != null && packages.length == 1) {
                 ContextImpl appContext = new ContextImpl();
                 appContext.init(info, null, this);
 
-- 
cgit v1.2.3