Commits
Stephen Smalley authored 83d9eda9c2c
Pass additional inputs when spawning apps via the Zygote and add SELinux permission checks. When spawning an app process, the ActivityManagerService has additional information about the app package that may be useful in setting a SELinux security context on the process. Extend the Process.start() interface to allow passing such information to the Zygote spawner. We originally considered using the existing zygoteArgs argument, but found that those arguments are appended after the class name and left uninterpreted by ZygoteConnection, merely passed along to the class or wrapper. Thus we introduce a new seInfo argument for this purpose. Modify the ZygoteConnection to interpret the new option and convey it to forkAndSpecialize, as well as passing the nice name as a further input. Also modify the ZygoteConnection to apply SELinux permission checks on privileged operations. Change-Id: I66045ffd33ca9898b1d026882bcc1c5baf3adc17