diff options
Diffstat (limited to 'services/java/com/android/server')
8 files changed, 52 insertions, 15 deletions
diff --git a/services/java/com/android/server/ConnectivityService.java b/services/java/com/android/server/ConnectivityService.java index 478f8c7..1574667 100644 --- a/services/java/com/android/server/ConnectivityService.java +++ b/services/java/com/android/server/ConnectivityService.java @@ -1567,9 +1567,12 @@ public class ConnectivityService extends IConnectivityManager.Stub { return false; } NetworkStateTracker tracker = mNetTrackers[networkType]; - DetailedState netState = tracker.getNetworkInfo().getDetailedState(); + DetailedState netState = DetailedState.DISCONNECTED; + if (tracker != null) { + netState = tracker.getNetworkInfo().getDetailedState(); + } - if (tracker == null || (netState != DetailedState.CONNECTED && + if ((netState != DetailedState.CONNECTED && netState != DetailedState.CAPTIVE_PORTAL_CHECK) || tracker.isTeardownRequested()) { if (VDBG) { diff --git a/services/java/com/android/server/EntropyMixer.java b/services/java/com/android/server/EntropyMixer.java index fbb66f9..cfdbf7d 100644 --- a/services/java/com/android/server/EntropyMixer.java +++ b/services/java/com/android/server/EntropyMixer.java @@ -36,7 +36,8 @@ import android.util.Slog; /** * A service designed to load and periodically save "randomness" - * for the Linux kernel. + * for the Linux kernel RNG and to mix in data from Hardware RNG (if present) + * into the Linux RNG. * * <p>When a Linux system starts up, the entropy pool associated with * {@code /dev/random} may be in a fairly predictable state. Applications which @@ -45,6 +46,13 @@ import android.util.Slog; * this effect, it's helpful to carry the entropy pool information across * shutdowns and startups. * + * <p>On systems with Hardware RNG (/dev/hw_random), a block of output from HW + * RNG is mixed into the Linux RNG on EntropyMixer's startup and whenever + * EntropyMixer periodically runs to save a block of output from Linux RNG on + * disk. This mixing is done in a way that does not increase the Linux RNG's + * entropy estimate is not increased. This is to avoid having to trust/verify + * the quality and authenticity of the "randomness" of the HW RNG. + * * <p>This class was modeled after the script in * <a href="http://www.kernel.org/doc/man-pages/online/pages/man4/random.4.html">man * 4 random</a>. @@ -57,6 +65,7 @@ public class EntropyMixer extends Binder { private static final long START_NANOTIME = System.nanoTime(); private final String randomDevice; + private final String hwRandomDevice; private final String entropyFile; /** @@ -69,6 +78,7 @@ public class EntropyMixer extends Binder { Slog.e(TAG, "Will not process invalid message"); return; } + addHwRandomEntropy(); writeEntropy(); scheduleEntropyWriter(); } @@ -82,18 +92,25 @@ public class EntropyMixer extends Binder { }; public EntropyMixer(Context context) { - this(context, getSystemDir() + "/entropy.dat", "/dev/urandom"); + this(context, getSystemDir() + "/entropy.dat", "/dev/urandom", "/dev/hw_random"); } /** Test only interface, not for public use */ - public EntropyMixer(Context context, String entropyFile, String randomDevice) { + public EntropyMixer( + Context context, + String entropyFile, + String randomDevice, + String hwRandomDevice) { if (randomDevice == null) { throw new NullPointerException("randomDevice"); } + if (hwRandomDevice == null) { throw new NullPointerException("hwRandomDevice"); } if (entropyFile == null) { throw new NullPointerException("entropyFile"); } this.randomDevice = randomDevice; + this.hwRandomDevice = hwRandomDevice; this.entropyFile = entropyFile; loadInitialEntropy(); addDeviceSpecificEntropy(); + addHwRandomEntropy(); writeEntropy(); scheduleEntropyWriter(); IntentFilter broadcastFilter = new IntentFilter(Intent.ACTION_SHUTDOWN); @@ -168,6 +185,20 @@ public class EntropyMixer extends Binder { } } + /** + * Mixes in the output from HW RNG (if present) into the Linux RNG. + */ + private void addHwRandomEntropy() { + try { + RandomBlock.fromFile(hwRandomDevice).toFile(randomDevice, false); + Slog.i(TAG, "Added HW RNG output to entropy pool"); + } catch (FileNotFoundException ignored) { + // HW RNG not present/exposed -- ignore + } catch (IOException e) { + Slog.w(TAG, "Failed to add HW RNG output to entropy pool", e); + } + } + private static String getSystemDir() { File dataDir = Environment.getDataDirectory(); File systemDir = new File(dataDir, "system"); diff --git a/services/java/com/android/server/RandomBlock.java b/services/java/com/android/server/RandomBlock.java index e5d7301..6d6d901 100644 --- a/services/java/com/android/server/RandomBlock.java +++ b/services/java/com/android/server/RandomBlock.java @@ -27,13 +27,13 @@ import java.io.InputStream; import java.io.RandomAccessFile; /** - * A 4k block of random {@code byte}s. + * A block of 512 random {@code byte}s. */ class RandomBlock { private static final String TAG = "RandomBlock"; private static final boolean DEBUG = false; - private static final int BLOCK_SIZE = 4096; + private static final int BLOCK_SIZE = 512; private byte[] block = new byte[BLOCK_SIZE]; private RandomBlock() { } diff --git a/services/java/com/android/server/am/ActivityManagerService.java b/services/java/com/android/server/am/ActivityManagerService.java index fe83e9f..c42a15e 100644 --- a/services/java/com/android/server/am/ActivityManagerService.java +++ b/services/java/com/android/server/am/ActivityManagerService.java @@ -4174,9 +4174,9 @@ public final class ActivityManagerService extends ActivityManagerNative == PackageManager.PERMISSION_GRANTED) { forceStopPackageLocked(packageName, pkgUid, "clear data"); } else { - throw new SecurityException(pid+" does not have permission:"+ - android.Manifest.permission.CLEAR_APP_USER_DATA+" to clear data" + - "for process:"+packageName); + throw new SecurityException("PID " + pid + " does not have permission " + + android.Manifest.permission.CLEAR_APP_USER_DATA + " to clear data" + + " of package " + packageName); } } diff --git a/services/java/com/android/server/connectivity/Vpn.java b/services/java/com/android/server/connectivity/Vpn.java index f5a7039..2ca2cc5 100644 --- a/services/java/com/android/server/connectivity/Vpn.java +++ b/services/java/com/android/server/connectivity/Vpn.java @@ -597,10 +597,10 @@ public class Vpn extends BaseNetworkStateTracker { int appId = UserHandle.getAppId(Binder.getCallingUid()); final long token = Binder.clearCallingIdentity(); try { - // System dialogs are also allowed to control VPN. + // System VPN dialogs are also allowed to control VPN. PackageManager pm = mContext.getPackageManager(); ApplicationInfo app = pm.getApplicationInfo(VpnConfig.DIALOGS_PACKAGE, 0); - if (appId == app.uid) { + if (((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) && (appId == app.uid)) { return; } } catch (Exception e) { diff --git a/services/java/com/android/server/pm/Installer.java b/services/java/com/android/server/pm/Installer.java index 734d071..0d2b503 100644 --- a/services/java/com/android/server/pm/Installer.java +++ b/services/java/com/android/server/pm/Installer.java @@ -265,7 +265,7 @@ public final class Installer { return execute(builder.toString()); } - public int createUserData(String name, int uid, int userId) { + public int createUserData(String name, int uid, int userId, String seinfo) { StringBuilder builder = new StringBuilder("mkuserdata"); builder.append(' '); builder.append(name); @@ -273,6 +273,8 @@ public final class Installer { builder.append(uid); builder.append(' '); builder.append(userId); + builder.append(' '); + builder.append(seinfo != null ? seinfo : "!"); return execute(builder.toString()); } diff --git a/services/java/com/android/server/pm/PackageManagerService.java b/services/java/com/android/server/pm/PackageManagerService.java index 7ae9251..841a531 100755 --- a/services/java/com/android/server/pm/PackageManagerService.java +++ b/services/java/com/android/server/pm/PackageManagerService.java @@ -3974,7 +3974,7 @@ public class PackageManagerService extends IPackageManager.Stub { for (int user : users) { if (user != 0) { res = mInstaller.createUserData(packageName, - UserHandle.getUid(user, uid), user); + UserHandle.getUid(user, uid), user, seinfo); if (res < 0) { return res; } diff --git a/services/java/com/android/server/pm/Settings.java b/services/java/com/android/server/pm/Settings.java index 0079b54..e599409 100644 --- a/services/java/com/android/server/pm/Settings.java +++ b/services/java/com/android/server/pm/Settings.java @@ -2679,7 +2679,8 @@ final class Settings { ps.setInstalled((ps.pkgFlags&ApplicationInfo.FLAG_SYSTEM) != 0, userHandle); // Need to create a data directory for all apps under this user. installer.createUserData(ps.name, - UserHandle.getUid(userHandle, ps.appId), userHandle); + UserHandle.getUid(userHandle, ps.appId), userHandle, + ps.pkg.applicationInfo.seinfo); } readDefaultPreferredAppsLPw(service, userHandle); writePackageRestrictionsLPr(userHandle); |