DO NOT MERGE: Clean up when recycling a pid with a pending launch
Fix for accidental launch of a broadcast receiver in an
incorrect app instance.

Bug: 30202481
Change-Id: I84b74edc29ca3fb88048b44af682ecbeb176b774
Sudheer Shanka committed Aug 13, 2016
1 parent df7bd91 commit a3af5c6
Showing 2 changed files with 23 additions and 5 deletions.
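--- a/services/java/com/android/server/am/ActivityManagerService.java
+++ b/services/java/com/android/server/am/ActivityManagerService.java
@@ -2819,6 +2819,15 @@ private final void startProcessLocked(ProcessRecord app,
 app.usingWrapper = startResult.usingWrapper;
 app.removed = false;
 synchronized (mPidsSelfLocked) {
+ProcessRecord oldApp;
+// If there is already an app occupying that pid that hasn't been cleaned up
+if ((oldApp = mPidsSelfLocked.get(startResult.pid)) != null && !app.isolated) {
+// Clean up anything relating to this pid first
+Slog.w(TAG, "Reusing pid " + startResult.pid
++ " while app is still mapped to it");
+cleanUpApplicationRecordLocked(oldApp, false, false, -1,
+true /*replacingPid*/);
+}
 this.mPidsSelfLocked.put(startResult.pid, app);
 Message msg = mHandler.obtainMessage(PROC_START_TIMEOUT_MSG);
 msg.obj = app;
@@ -3608,7 +3617,8 @@ public void overridePendingTransition(IBinder token, String packageName,
 */
 private final void handleAppDiedLocked(ProcessRecord app,
 boolean restarting, boolean allowRestart) {
-cleanUpApplicationRecordLocked(app, restarting, allowRestart, -1);
+cleanUpApplicationRecordLocked(app, restarting, allowRestart, -1,
+false /*replacingPid*/);
 if (!restarting) {
 removeLruProcessLocked(app);
 }
@@ -12395,7 +12405,8 @@ private final boolean removeDyingProviderLocked(ProcessRecord proc,
 * a process when running in single process mode.
 */
 private final void cleanUpApplicationRecordLocked(ProcessRecord app,
-boolean restarting, boolean allowRestart, int index) {
+boolean restarting, boolean allowRestart, int index, boolean replacingPid) {
+Slog.d(TAG, "cleanUpApplicationRecordLocked -- " + app.pid);
 if (index >= 0) {
 removeLruProcessLocked(app);
 }
@@ -12519,8 +12530,10 @@ private final void cleanUpApplicationRecordLocked(ProcessRecord app,
 if (!app.persistent || app.isolated) {
 if (DEBUG_PROCESSES || DEBUG_CLEANUP) Slog.v(TAG,
 "Removing non-persistent process during cleanup: " + app);
-mProcessNames.remove(app.processName, app.uid);
-mIsolatedProcesses.remove(app.uid);
+if (!replacingPid) {
+mProcessNames.remove(app.processName, app.uid);
+mIsolatedProcesses.remove(app.uid);
+}
 if (mHeavyWeightProcess == app) {
 mHandler.sendMessage(mHandler.obtainMessage(CANCEL_HEAVY_NOTIFICATION_MSG,
 mHeavyWeightProcess.userId, 0));
@@ -15818,7 +15831,7 @@ final void trimApplications() {
 // Ignore exceptions.
 }
 }
-cleanUpApplicationRecordLocked(app, false, true, -1);
+cleanUpApplicationRecordLocked(app, false, true, -1, false /*replacingPid*/);
 mRemovedProcesses.remove(i);
 
 if (app.persistent) {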
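Review bot: The pid-reuse guard added in startProcessLocked tests `!app.isolated` on the process being started, so when an isolated process receives a pid that is still mapped, the following `mPidsSelfLocked.put` replaces the stale record without running `cleanUpApplicationRecordLocked` on it. If that exemption is deliberate it needs a comment saying why; otherwise the old record appears to keep whatever state it had tied to that pid. The warning would also be easier to triage if it named both records, for example `Slog.w(TAG, "Reusing pid " + startResult.pid + " while " + oldApp + " is still mapped to it; new app " + app);`. startProcessLocked begins and ends outside this hunk, so the isolated case may be handled elsewhere.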
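--- a/services/java/com/android/server/am/BroadcastQueue.java
+++ b/services/java/com/android/server/am/BroadcastQueue.java
@@ -255,6 +255,11 @@ public boolean sendPendingBroadcastsLocked(ProcessRecord app) {
 boolean didSomething = false;
 final BroadcastRecord br = mPendingBroadcast;
 if (br != null && br.curApp.pid == app.pid) {
+if (br.curApp != app) {
+Slog.e(TAG, "App mismatch when sending pending broadcast to "
++ app.processName + ", intended target is " + br.curApp.processName);
+return false;
+}
 try {
 mPendingBroadcast = null;
 processCurBroadcastLocked(br, app);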
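Review bot: The new mismatch branch in sendPendingBroadcastsLocked returns `false` while `mPendingBroadcast` still points at the record whose `curApp` no longer owns the pid, and nothing in this hunk clears or reschedules it. Presumably the cleanup added to startProcessLocked in ActivityManagerService.java is what eventually skips that broadcast; once confirmed, a comment such as `// Stale curApp: pid was recycled; the pending broadcast is skipped when the old record is cleaned up` should say so. The error message prints only `processName` for both sides, which may be identical for two instances of the same app, so adding `app.pid` and each record's `uid` would make the event attributable in logs. The method body continues outside the hunk.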
