CorpseFinder: Avoid false leftovers for data owned by installed apps#2472
Draft
d4rken wants to merge 1 commit into
Draft
CorpseFinder: Avoid false leftovers for data owned by installed apps#2472d4rken wants to merge 1 commit into
d4rken wants to merge 1 commit into
Conversation
d4rken
added
enhancement
d4rken
force-pushed
the
worktree-corpse-uid-ownership
branch
from
533b579 to
58c5e34
Compare
PrivateDataCSI previously decided ownership purely by directory name, so a data_ce directory named after an uninstalled package was reported as a corpse even when a live, differently-named package still owns and maintains it (e.g. the Samsung Intelligent Wi-Fi rename wifi.intelligence -> wifi.ai). When no installed owner is found by name or clutter, the directory's POSIX owner uid is now resolved to the currently-installed package(s) that hold it: - exactly one live package -> attributed as the owner (not a corpse) - a shared system uid (e.g. 1000) mapping to many -> reported as a known unknown owner (not a corpse, without flooding installedOwners) - nothing installed -> still a corpse via the existing dirname fallback Adds a single-path lookupExtended to the APath gateway stack (the AIDL/host side already existed) and PkgRepo.getPkgsForUid, which resolves a uid to live NormalPkg entries from the in-memory cache (uid = userId * 100000 + appId).
d4rken
force-pushed
the
worktree-corpse-uid-ownership
branch
from
58c5e34 to
ec77e72
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changed
CorpseFinder is now less likely to falsely flag leftover data on rooted devices. When a private-data folder is named after an app that isn't installed, but the folder is still actively owned and used by an app that is installed (for example after a system app is renamed and keeps writing to its old data folder), CorpseFinder now recognizes the real owner and stops reporting it as uninstall residue.
This is the general fix behind the earlier Samsung "Intelligent Wi-Fi" report (
com.samsung.android.wifi.intelligencedata kept alive bycom.samsung.android.wifi.ai) — instead of needing a hand-written rule per case.Technical Context
PrivateDataCSIdecided ownership purely from the directory name. If the name didn't match an installed package (and no clutter rule applied), the folder was reported as a corpse — even when a live, differently-named package owns the data.hasKnownUnknownOwner), so it's not a corpse without floodinginstalledOwnersgetPkgsForUidresolves a uid against the in-memoryPkgRepocache only (no extra PackageManager/IPC calls); it decomposesuid = userId * 100000 + appIdand matches liveNormalPkgentries, so stale archived/uninstalled cache entries can't mask a real corpse.lookupExtendedwas added to theAPathgateway interface (LocalGateway/SAFGateway/GatewaySwitch); the root/ADB IPC side (lookUpExtended) already existed and is now wired through the client.statonly runs for corpse-suspect directories (no installed owner found), which are top-level dirs. Private-data scanning is already root-only, so the uid is authoritative. Lookup failures and cancellation fall through safely (cancellation is re-thrown, not swallowed).wifi.aiclutter marker from CorpseFinder: Fix false leftover for Samsung Intelligent Wi-Fi #2471 is kept as belt-and-suspenders.Refs #2469