Merge changes I310feb08,I2b6d6b08
* changes:
Rename SupplementalProcess to SdkSandbox
Create utility method for calculating supplemental_uid from app_uid
diff --git a/libcutils/include/cutils/multiuser.h b/libcutils/include/cutils/multiuser.h
index 9a2305c..229ee3a 100644
--- a/libcutils/include/cutils/multiuser.h
+++ b/libcutils/include/cutils/multiuser.h
@@ -30,6 +30,7 @@
extern appid_t multiuser_get_app_id(uid_t uid);
extern uid_t multiuser_get_uid(userid_t user_id, appid_t app_id);
+extern uid_t multiuser_get_sdk_sandbox_uid(userid_t user_id, appid_t app_id);
extern gid_t multiuser_get_cache_gid(userid_t user_id, appid_t app_id);
extern gid_t multiuser_get_ext_gid(userid_t user_id, appid_t app_id);
diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index 8e6b81c..ec3f1c7 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h
@@ -210,6 +210,10 @@
*/
#define AID_OVERFLOWUID 65534 /* unmapped user in the user namespace */
+/* use the ranges below to determine whether a process is sdk sandbox */
+#define AID_SDK_SANDBOX_PROCESS_START 20000 /* start of uids allocated to sdk sandbox processes */
+#define AID_SDK_SANDBOX_PROCESS_END 29999 /* end of uids allocated to sdk sandbox processes */
+
/* use the ranges below to determine whether a process is isolated */
#define AID_ISOLATED_START 90000 /* start of uids for fully isolated sandboxed processes */
#define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */
diff --git a/libcutils/multiuser.cpp b/libcutils/multiuser.cpp
index 0fd3d0c..979cbf4 100644
--- a/libcutils/multiuser.cpp
+++ b/libcutils/multiuser.cpp
@@ -29,6 +29,15 @@
return (user_id * AID_USER_OFFSET) + (app_id % AID_USER_OFFSET);
}
+uid_t multiuser_get_sdk_sandbox_uid(userid_t user_id, appid_t app_id) {
+ int sdk_sandbox_offset = AID_SDK_SANDBOX_PROCESS_START - AID_APP_START;
+ if (app_id >= AID_APP_START && app_id <= AID_APP_END) {
+ return (user_id * AID_USER_OFFSET) + (app_id % AID_USER_OFFSET) + sdk_sandbox_offset;
+ } else {
+ return -1;
+ }
+}
+
gid_t multiuser_get_cache_gid(userid_t user_id, appid_t app_id) {
if (app_id >= AID_APP_START && app_id <= AID_APP_END) {
return multiuser_get_uid(user_id, (app_id - AID_APP_START) + AID_CACHE_GID_START);
diff --git a/libcutils/multiuser_test.cpp b/libcutils/multiuser_test.cpp
index 4b0fd13..62dd5e0 100644
--- a/libcutils/multiuser_test.cpp
+++ b/libcutils/multiuser_test.cpp
@@ -18,6 +18,7 @@
#include <gtest/gtest.h>
static constexpr auto ERR_GID = static_cast<gid_t>(-1);
+static constexpr auto ERR_UID = static_cast<uid_t>(-1);
TEST(MultiuserTest, TestMerge) {
EXPECT_EQ(0U, multiuser_get_uid(0, 0));
@@ -30,6 +31,22 @@
EXPECT_EQ(1050000U, multiuser_get_uid(10, 50000));
}
+TEST(MultiuserTest, TestSdkSandboxUid) {
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 0));
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 1000));
+ EXPECT_EQ(20000U, multiuser_get_sdk_sandbox_uid(0, 10000));
+ EXPECT_EQ(25000U, multiuser_get_sdk_sandbox_uid(0, 15000));
+ EXPECT_EQ(29999U, multiuser_get_sdk_sandbox_uid(0, 19999));
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 50000));
+
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 0));
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 1000));
+ EXPECT_EQ(1020000U, multiuser_get_sdk_sandbox_uid(10, 10000));
+ EXPECT_EQ(1025000U, multiuser_get_sdk_sandbox_uid(10, 15000));
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 20000));
+ EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 50000));
+}
+
TEST(MultiuserTest, TestSplitUser) {
EXPECT_EQ(0U, multiuser_get_user_id(0));
EXPECT_EQ(0U, multiuser_get_user_id(1000));