Revert "ART: Forbid the zygote to load code outside of system"
This reverts commit 9ef308da0ea8d1df2edf65d4957599fafcc56aeb.
Bug: 150032912
Bug: 129454856
Test: boots
(cherry-picked from commit e5c48f75476bc7bac843c862dfeeaeed2b95d94f)
Change-Id: I522b1e0e2b9116239ca206aa5c65347976eac7ab
Merged-In: I522b1e0e2b9116239ca206aa5c65347976eac7ab
diff --git a/runtime/native/dalvik_system_ZygoteHooks.cc b/runtime/native/dalvik_system_ZygoteHooks.cc
index 482c4ec..c010082 100644
--- a/runtime/native/dalvik_system_ZygoteHooks.cc
+++ b/runtime/native/dalvik_system_ZygoteHooks.cc
@@ -278,11 +278,6 @@
Runtime::Current()->GetJit()->GetCodeCache()->PostForkChildAction(
/* is_system_server= */ true, /* is_zygote= */ false);
}
- // Allow picking up verity-protected files from the dalvik cache for pre-caching. This window will
- // be closed in the common nativePostForkChild below.
- Runtime::Current()->GetOatFileManager().SetOnlyUseSystemOatFiles(
- /*enforce=*/false, /*assert_no_files_loaded=*/false);
-
// Enable profiling if required based on the flags. This is done here instead of in
// nativePostForkChild since nativePostForkChild is called after loading the system server oat
// files.
@@ -315,13 +310,10 @@
runtime_flags &= ~DISABLE_VERIFIER;
}
- bool only_use_system_oat_files = false;
if ((runtime_flags & ONLY_USE_SYSTEM_OAT_FILES) != 0 || is_system_server) {
- only_use_system_oat_files = true;
+ runtime->GetOatFileManager().SetOnlyUseSystemOatFiles(!is_system_server);
runtime_flags &= ~ONLY_USE_SYSTEM_OAT_FILES;
}
- runtime->GetOatFileManager().SetOnlyUseSystemOatFiles(only_use_system_oat_files,
- !is_system_server);
api_enforcement_policy = hiddenapi::EnforcementPolicyFromInt(
(runtime_flags & HIDDEN_API_ENFORCEMENT_POLICY_MASK) >> API_ENFORCEMENT_POLICY_SHIFT);
diff --git a/runtime/oat_file_manager.cc b/runtime/oat_file_manager.cc
index 23e2ad2..3839dca 100644
--- a/runtime/oat_file_manager.cc
+++ b/runtime/oat_file_manager.cc
@@ -1037,9 +1037,9 @@
}
}
-void OatFileManager::SetOnlyUseSystemOatFiles(bool enforce, bool assert_no_files_loaded) {
+void OatFileManager::SetOnlyUseSystemOatFiles(bool assert_no_files_loaded) {
ReaderMutexLock mu(Thread::Current(), *Locks::oat_file_manager_lock_);
- if (!only_use_system_oat_files_ && enforce && assert_no_files_loaded) {
+ if (assert_no_files_loaded) {
// Make sure all files that were loaded up to this point are on /system. Skip the image
// files.
std::vector<const OatFile*> boot_vector = GetBootOatFiles();
@@ -1051,7 +1051,7 @@
}
}
}
- only_use_system_oat_files_ = enforce;
+ only_use_system_oat_files_ = true;
}
void OatFileManager::DumpForSigQuit(std::ostream& os) {
diff --git a/runtime/oat_file_manager.h b/runtime/oat_file_manager.h
index 7da4061..ef03f06 100644
--- a/runtime/oat_file_manager.h
+++ b/runtime/oat_file_manager.h
@@ -120,7 +120,7 @@
void DumpForSigQuit(std::ostream& os);
- void SetOnlyUseSystemOatFiles(bool enforce, bool assert_no_files_loaded);
+ void SetOnlyUseSystemOatFiles(bool assert_no_files_loaded);
// Spawn a background thread which verifies all classes in the given dex files.
void RunBackgroundVerification(const std::vector<const DexFile*>& dex_files,
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index b739450..3a94ef6 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc
@@ -1784,9 +1784,8 @@
VLOG(startup) << "Runtime::Init exiting";
// Set OnlyUseSystemOatFiles only after boot classpath has been set up.
- if (is_zygote_ || runtime_options.Exists(Opt::OnlyUseSystemOatFiles)) {
- oat_file_manager_->SetOnlyUseSystemOatFiles(/*enforce=*/ true,
- /*assert_no_files_loaded=*/ true);
+ if (runtime_options.Exists(Opt::OnlyUseSystemOatFiles)) {
+ oat_file_manager_->SetOnlyUseSystemOatFiles(/*assert_no_files_loaded=*/ true);
}
return true;
