* commit '94629bdec34b253fa2e9cd9ec800715b3c3a4f7f': Protect runtime storage mount points.
2 changed files with 14 additions and 12 deletions
|
@ -64,16 +64,18 @@ on init
|
|||
mkdir /mnt/expand 0771 system system
|
||||
|
||||
# Storage views to support runtime permissions
|
||||
mkdir /mnt/runtime_default 0755 root root
|
||||
mkdir /mnt/runtime_default/self 0755 root root
|
||||
mkdir /mnt/runtime_read 0755 root root
|
||||
mkdir /mnt/runtime_read/self 0755 root root
|
||||
mkdir /mnt/runtime_write 0755 root root
|
||||
mkdir /mnt/runtime_write/self 0755 root root
|
||||
mkdir /storage 0755 root root
|
||||
mkdir /mnt/runtime 0700 root root
|
||||
mkdir /mnt/runtime/default 0755 root root
|
||||
mkdir /mnt/runtime/default/self 0755 root root
|
||||
mkdir /mnt/runtime/read 0755 root root
|
||||
mkdir /mnt/runtime/read/self 0755 root root
|
||||
mkdir /mnt/runtime/write 0755 root root
|
||||
mkdir /mnt/runtime/write/self 0755 root root
|
||||
|
||||
# Symlink to keep legacy apps working in multi-user world
|
||||
symlink /storage/self/primary /sdcard
|
||||
symlink /mnt/user/0/primary /mnt/runtime_default/self/primary
|
||||
symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
|
||||
|
||||
# memory control cgroup
|
||||
mkdir /dev/memcg 0700 root system
|
||||
|
@ -225,7 +227,7 @@ on post-fs
|
|||
# Mount shared so changes propagate into child namespaces
|
||||
mount rootfs rootfs / shared rec
|
||||
# Mount default storage into root namespace
|
||||
mount none /mnt/runtime_default /storage slave bind rec
|
||||
mount none /mnt/runtime/default /storage slave bind rec
|
||||
|
||||
# We chown/chmod /cache again so because mount is run as root + defaults
|
||||
chown system cache /cache
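Review bot: The `mkdir /mnt/runtime 0700 root root` line in the first hunk carries the whole protection this commit adds — the `default`/`read`/`write` views beneath it stay 0755 and are shielded only because the parent blocks traversal — yet nothing in the file says so, so a later edit could relax it back to 0755 without noticing; I would add above it `# 0700 on purpose: apps reach these views only through the bind mounts into /storage, never by path`. This is a DAC-only barrier: anything running as root or holding CAP_DAC_READ_SEARCH can still open the raw views by path, so if this build enforces SELinux a dedicated label for /mnt/runtime would be the layered defence (not visible in this diff; confirm against file_contexts). The second hunk's `mount none /mnt/runtime/default /storage slave bind rec` is consistent with that model, since the 0755 `/storage` created in the first hunk remains the only unprivileged path into the default view.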
|
||||
@ -1735,7 +1735,7 @@ static int usage() {
|
|||
" -g: specify GID to run as\n"
|
||||
" -U: specify user ID that owns device\n"
|
||||
" -m: source_path is multi-user\n"
|
||||
" -w: runtime_write mount has full write access\n"
|
||||
" -w: runtime write mount has full write access\n"
|
||||
"\n");
|
||||
return 1;
|
||||
}
|
||||
|
@ -1822,9 +1822,9 @@ static void run(const char* source_path, const char* label, uid_t uid,
|
|||
global.fuse_read = &fuse_read;
|
||||
global.fuse_write = &fuse_write;
|
||||
|
||||
snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime_default/%s", label);
|
||||
snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime_read/%s", label);
|
||||
snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime_write/%s", label);
|
||||
snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);
|
||||
snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label);
|
||||
snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label);
|
||||
|
||||
handler_default.fuse = &fuse_default;
|
||||
handler_read.fuse = &fuse_read;
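Review bot: The three `snprintf(fuse_*.dest_path, PATH_MAX, "/mnt/runtime/.../%s", label)` calls still discard the return value, so a label near PATH_MAX in length silently yields a truncated dest_path and the FUSE filesystem gets mounted somewhere other than the intended 0700-protected directory; the old paths had the same gap, but now that the mount point is the security boundary the truncation check is worth adding. The hunk does not show where `label` comes from (run() starts and ends outside the hunk), so I would check here rather than rely on init passing a short one. Also, with the dest paths now under the 0700 `/mnt/runtime`, the mount must happen while the daemon still runs as root; if run() drops to the -u/-g identity before mounting, that step will now fail on the parent directory — confirm the ordering in the rest of run(). A small helper replaces the three calls and fails closed on truncation.
```c
/* Build "/mnt/runtime/<view>/<label>" into dest (PATH_MAX bytes). Abort on
 * truncation so a long label can never redirect the mount outside the
 * protected /mnt/runtime directory. */
static void build_dest_path(char* dest, const char* view, const char* label) {
    int n = snprintf(dest, PATH_MAX, "/mnt/runtime/%s/%s", view, label);
    if (n < 0 || n >= PATH_MAX) {
        fprintf(stderr, "sdcard: label too long for dest_path\n");
        exit(1);
    }
}

/* … unchanged: run() up to the fuse_read/fuse_write callback setup … */
    build_dest_path(fuse_default.dest_path, "default", label);
    build_dest_path(fuse_read.dest_path, "read", label);
    build_dest_path(fuse_write.dest_path, "write", label);
/* … unchanged: handler_*.fuse assignments and the rest of run() … */
```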
|
||||