Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / e1dadb5a2d9bb3bf53b114b61e55bc629612a2b9
commite1dadb5a2d9bb3bf53b114b61e55bc629612a2b9[log] [tgz]
authorMartin Stjernholm <mast@google.com>Wed Mar 01 13:56:29 2023 +0000
committerMartin Stjernholm <mast@google.com>Thu Mar 02 00:31:25 2023 +0000
tree9f70f7258e1b9f6bc2b9b407ab1bccd0b1fb3827
parent650810250edb240d0ea0171ed6315de34be9c24b [diff]
Don't allow opening reference profiles for writing when ART Service is
enabled.

The dexopt code in installd is only used for OTA in that case, and this
should happen then. This is an extra safety check to ensure that.

There are more cases when existing files are potentially opened for
writing, which aren't addressed:

- open_snapshot_profile is used for app and boot image profile
  snapshots. This shouldn't be called at all when ART Service is in
  use, but there's no risk of reading truncated data from them since
  they're only written to.

- open_output_file is only used for a dex2oat swap file, but ART
  Service creates them at different guaranteed unique paths through
  art::artd::NewFile.

- RestorableFile::CreateWritableFile uses a .tmp file suffix that ART
  Service doesn't use.

Test: m dist
      system/update_engine/scripts/update_device.py \
        out/dist/*-ota-eng.*.zip
Bug: 251921228
Change-Id: I1d6f64beaf2bd8c9a05aa5c17a33492b89c903fd
1 file changed
tree: 9f70f7258e1b9f6bc2b9b407ab1bccd0b1fb3827
  1. aidl/
  2. build/
  3. cmds/
  4. data/
  5. docs/
  6. headers/
  7. include/
  8. include_sensor/
  9. libs/
  10. opengl/
  11. services/
  12. vulkan/
  13. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  14. .clang-format
  15. .gitignore
  16. Android.bp
  17. CleanSpec.mk
  18. METADATA
  19. MODULE_LICENSE_APACHE2
  20. NOTICE
  21. PREUPLOAD.cfg
  22. TEST_MAPPING