Pass SElinux info to installd dexopt

For secondary dex files, the oat directory is created on the fly. We
need to make sure we restore the SElinux context after the oat files are
generated. To do that we need to pass the app SElinux info to installd
dexopt.

Bug: 36896515
Test: adb shell cmd package compile -r bg-dexopt --secondary-dex com.google.android.gms
      adb shell ls
/data/user_de/0/com.google.android.gms/app_chimera/m/0000000c/oat/arm64/
-Z
      youtube loads gms modules without extracting from apk

Change-Id: I5be34b42a509701f6222ca52bec4761c161ec6eb

diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index b2a2fec..67bce8c 100644 (file)
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -548,10 +548,11 @@ public class ZygoteInit {
                 final int dexFlags = 0;
                 final String compilerFilter = "speed";
                 final String uuid = StorageManager.UUID_PRIVATE_INTERNAL;
+                final String seInfo = null;
                 try {
                     installd.dexopt(classPathElement, Process.SYSTEM_UID, packageName,
                             instructionSet, dexoptNeeded, outputPath, dexFlags, compilerFilter,
-                            uuid, sharedLibraries);
+                            uuid, sharedLibraries, seInfo);
                 } catch (RemoteException | ServiceSpecificException e) {
                     // Ignore (but log), we need this on the classpath for fallback mode.
                     Log.w(TAG, "Failed compiling classpath element for system server: "

diff --git a/services/core/java/com/android/server/pm/Installer.java b/services/core/java/com/android/server/pm/Installer.java
index 9f7c4a2..1e2b743 100644 (file)
--- a/services/core/java/com/android/server/pm/Installer.java
+++ b/services/core/java/com/android/server/pm/Installer.java
@@ -279,13 +279,14 @@ public class Installer extends SystemService {
 
     public void dexopt(String apkPath, int uid, @Nullable String pkgName, String instructionSet,
             int dexoptNeeded, @Nullable String outputPath, int dexFlags,
-            String compilerFilter, @Nullable String volumeUuid, @Nullable String sharedLibraries)
+            String compilerFilter, @Nullable String volumeUuid, @Nullable String sharedLibraries,
+            @Nullable String seInfo)
             throws InstallerException {
         assertValidInstructionSet(instructionSet);
         if (!checkBeforeRemote()) return;
         try {
             mInstalld.dexopt(apkPath, uid, pkgName, instructionSet, dexoptNeeded, outputPath,
-                    dexFlags, compilerFilter, volumeUuid, sharedLibraries);
+                    dexFlags, compilerFilter, volumeUuid, sharedLibraries, seInfo);
         } catch (Exception e) {
             throw InstallerException.from(e);
         }

diff --git a/services/core/java/com/android/server/pm/OtaDexoptService.java b/services/core/java/com/android/server/pm/OtaDexoptService.java
index 6245ffc..498181b 100644 (file)
--- a/services/core/java/com/android/server/pm/OtaDexoptService.java
+++ b/services/core/java/com/android/server/pm/OtaDexoptService.java
@@ -278,7 +278,7 @@ public class OtaDexoptService extends IOtaDexopt.Stub {
             public void dexopt(String apkPath, int uid, @Nullable String pkgName,
                     String instructionSet, int dexoptNeeded, @Nullable String outputPath,
                     int dexFlags, String compilerFilter, @Nullable String volumeUuid,
-                    @Nullable String sharedLibraries) throws InstallerException {
+                    @Nullable String sharedLibraries, @Nullable String seInfo) throws InstallerException {
                 commands.add(buildCommand("dexopt",
                         apkPath,
                         uid,
@@ -289,7 +289,8 @@ public class OtaDexoptService extends IOtaDexopt.Stub {
                         dexFlags,
                         compilerFilter,
                         volumeUuid,
-                        sharedLibraries));
+                        sharedLibraries,
+                        seInfo));
             }
         };
 

diff --git a/services/core/java/com/android/server/pm/PackageDexOptimizer.java b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
index acbd446..233d406 100644 (file)
--- a/services/core/java/com/android/server/pm/PackageDexOptimizer.java
+++ b/services/core/java/com/android/server/pm/PackageDexOptimizer.java
@@ -203,7 +203,7 @@ public class PackageDexOptimizer {
             long startTime = System.currentTimeMillis();
 
             mInstaller.dexopt(path, uid, pkg.packageName, isa, dexoptNeeded, oatDir, dexoptFlags,
-                    compilerFilter, pkg.volumeUuid, sharedLibrariesPath);
+                    compilerFilter, pkg.volumeUuid, sharedLibrariesPath, pkg.applicationInfo.seInfo);
 
             if (packageStats != null) {
                 long endTime = System.currentTimeMillis();
@@ -280,7 +280,7 @@ public class PackageDexOptimizer {
                 // TODO(calin): maybe add a separate call.
                 mInstaller.dexopt(path, info.uid, info.packageName, isa, /*dexoptNeeded*/ 0,
                         /*oatDir*/ null, dexoptFlags,
-                        compilerFilter, info.volumeUuid, SKIP_SHARED_LIBRARY_CHECK);
+                        compilerFilter, info.volumeUuid, SKIP_SHARED_LIBRARY_CHECK, info.seInfoUser);
             }
 
             return DEX_OPT_PERFORMED;