DO NOT MERGE: Clean up when recycling a pid with a pending launch

Fix for accidental launch of a broadcast receiver in an incorrect app instance. CYNGNOS-3286 Bug: 30202481 Change-Id: I8ec8f19c633f3aec8da084dab5fd5b312443336f (cherry picked from commit b02862c2cf3d786c53860087be34f554379cbdd7)
author: Amith Yamasani <yamasani@google.com> 2016-08-05 15:25:03 -0700
committer: Jessica Wagantall <jwagantall@cyngn.com> 2016-10-13 11:51:08 -0700
commit: 6ef9b634688089553a555a449974ee4cc7a16c9a (patch)
tree: 1f144584529a610d16814b2a33686b6a7d5b479d
parent: 6ac14d52c8c8c544fdbe89af2bd753948f82b214 (diff)
download: android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.tar.gz
android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.tar.bz2
android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.zip
2 files changed, 23 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 67ed06401e3..ce94fb29068 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -3178,6 +3178,15 @@ public final class ActivityManagerService extends ActivityManagerNative
             app.killedByAm = false;
             checkTime(startTime, "startProcess: starting to update pids map");
             synchronized (mPidsSelfLocked) {
+                ProcessRecord oldApp;
+                // If there is already an app occupying that pid that hasn't been cleaned up
+                if ((oldApp = mPidsSelfLocked.get(startResult.pid)) != null && !app.isolated) {
+                    // Clean up anything relating to this pid first
+                    Slog.w(TAG, "Reusing pid " + startResult.pid
+                            + " while app is still mapped to it");
+                    cleanUpApplicationRecordLocked(oldApp, false, false, -1,
+                            true /*replacingPid*/);
+                }
                 this.mPidsSelfLocked.put(startResult.pid, app);
                 if (isActivityProcess) {
                     Message msg = mHandler.obtainMessage(PROC_START_TIMEOUT_MSG);
@@ -4695,7 +4704,8 @@ public final class ActivityManagerService extends ActivityManagerNative
     private final void handleAppDiedLocked(ProcessRecord app,
             boolean restarting, boolean allowRestart) {
         int pid = app.pid;
-        boolean kept = cleanUpApplicationRecordLocked(app, restarting, allowRestart, -1);
+        boolean kept = cleanUpApplicationRecordLocked(app, restarting, allowRestart, -1,
+                false /*replacingPid*/);
         if (!kept && !restarting) {
             removeLruProcessLocked(app);
             if (pid > 0) {
@@ -15157,7 +15167,8 @@ public final class ActivityManagerService extends ActivityManagerNative
      * app that was passed in must remain on the process lists.
      */
     private final boolean cleanUpApplicationRecordLocked(ProcessRecord app,
-            boolean restarting, boolean allowRestart, int index) {
+            boolean restarting, boolean allowRestart, int index, boolean replacingPid) {
+        Slog.d(TAG, "cleanUpApplicationRecord -- " + app.pid);
         if (index >= 0) {
             removeLruProcessLocked(app);
             ProcessList.remove(app.pid);
@@ -15287,8 +15298,10 @@ public final class ActivityManagerService extends ActivityManagerNative
         if (!app.persistent || app.isolated) {
             if (DEBUG_PROCESSES || DEBUG_CLEANUP) Slog.v(TAG,
                     "Removing non-persistent process during cleanup: " + app);
-            mProcessNames.remove(app.processName, app.uid);
-            mIsolatedProcesses.remove(app.uid);
+            if (!replacingPid) {
+                mProcessNames.remove(app.processName, app.uid);
+                mIsolatedProcesses.remove(app.uid);
+            }
             if (mHeavyWeightProcess == app) {
                 mHandler.sendMessage(mHandler.obtainMessage(CANCEL_HEAVY_NOTIFICATION_MSG,
                         mHeavyWeightProcess.userId, 0));
@@ -18940,7 +18953,7 @@ public final class ActivityManagerService extends ActivityManagerNative
                             // Ignore exceptions.
                         }
                     }
-                    cleanUpApplicationRecordLocked(app, false, true, -1);
+                    cleanUpApplicationRecordLocked(app, false, true, -1, false /*replacingPid*/);
                     mRemovedProcesses.remove(i);
 
                     if (app.persistent) {
diff --git a/services/core/java/com/android/server/am/BroadcastQueue.java b/services/core/java/com/android/server/am/BroadcastQueue.java
index 4a7d0c10f32..5d50bdf8b39 100644
--- a/services/core/java/com/android/server/am/BroadcastQueue.java
+++ b/services/core/java/com/android/server/am/BroadcastQueue.java
@@ -271,6 +271,11 @@ public final class BroadcastQueue {
         boolean didSomething = false;
         final BroadcastRecord br = mPendingBroadcast;
         if (br != null && br.curApp.pid == app.pid) {
+            if (br.curApp != app) {
+                Slog.e(TAG, "App mismatch when sending pending broadcast to "
+                        + app.processName + ", intended target is " + br.curApp.processName);
+                return false;
+            }
             try {
                 mPendingBroadcast = null;
                 processCurBroadcastLocked(br, app);
author	Amith Yamasani <yamasani@google.com>	2016-08-05 15:25:03 -0700
committer	Jessica Wagantall <jwagantall@cyngn.com>	2016-10-13 11:51:08 -0700
commit	6ef9b634688089553a555a449974ee4cc7a16c9a (patch)
tree	1f144584529a610d16814b2a33686b6a7d5b479d
parent	6ac14d52c8c8c544fdbe89af2bd753948f82b214 (diff)
download	android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.tar.gz android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.tar.bz2 android_frameworks_base-6ef9b634688089553a555a449974ee4cc7a16c9a.zip