Create /data_mirror in init.rc
Mount a tmpfs on top of it to serve as a mirror of /data/data and /data/user_de. The mirror is used when zygote forks and overlays the app's CE and DE storage, so that an app cannot see other applications. Also change /data/user/0 from a symlink to a bind mount, so /data_mirror/data_ce/null can bind to /data/user directly. Bug: 143937733 Test: Directories are created and mounted Change-Id: Ic72c47c9d3dc0ffc98510f5bb351eccf76524232
parent
b773897b01
commit
3cca270e95
2 changed files with 25 additions and 2 deletions
|
@ -72,7 +72,7 @@ endif
|
|||
#
|
||||
# create some directories (some are mount points) and symlinks
|
||||
LOCAL_POST_INSTALL_CMD := mkdir -p $(addprefix $(TARGET_ROOT_OUT)/, \
|
||||
dev proc sys system data odm oem acct config storage mnt apex debug_ramdisk \
|
||||
dev proc sys system data data_mirror odm oem acct config storage mnt apex debug_ramdisk \
|
||||
linkerconfig $(BOARD_ROOT_EXTRA_FOLDERS)); \
|
||||
ln -sf /system/bin $(TARGET_ROOT_OUT)/bin; \
|
||||
ln -sf /system/etc $(TARGET_ROOT_OUT)/etc; \
|
||||
|
|
|
@ -650,12 +650,35 @@ on post-fs-data
|
|||
|
||||
mkdir /data/user 0711 system system encryption=None
|
||||
mkdir /data/user_de 0711 system system encryption=None
|
||||
symlink /data/data /data/user/0
|
||||
|
||||
# Unlink /data/user/0 if we previously symlink it to /data/data
|
||||
rm /data/user/0
|
||||
|
||||
# Bind mount /data/user/0 to /data/data
|
||||
mkdir /data/user/0 0700 system system encryption=None
|
||||
mount none /data/data /data/user/0 bind rec
|
||||
|
||||
# Special-case /data/media/obb per b/64566063
|
||||
mkdir /data/media 0770 media_rw media_rw encryption=None
|
||||
mkdir /data/media/obb 0770 media_rw media_rw encryption=Attempt
|
||||
|
||||
# A tmpfs directory, which will contain all apps CE DE data directory that
|
||||
# bind mount from the original source.
|
||||
chown root root /data_mirror
|
||||
chmod 0700 /data_mirror
|
||||
mount tmpfs tmpfs /data_mirror mode=0700,uid=0,gid=1000 nodev noexec nosuid
|
||||
restorecon /data_mirror
|
||||
mkdir /data_mirror/data_ce 0700 root root
|
||||
mkdir /data_mirror/data_de 0700 root root
|
||||
|
||||
# Create CE and DE data directory for default volume
|
||||
mkdir /data_mirror/data_ce/null 0700 root root
|
||||
mkdir /data_mirror/data_de/null 0700 root root
|
||||
|
||||
# Bind mount CE and DE data directory to mirror's default volume directory
|
||||
mount none /data/user /data_mirror/data_ce/null bind rec
|
||||
mount none /data/user_de /data_mirror/data_de/null bind rec
|
||||
|
||||
mkdir /data/cache 0770 system cache encryption=Require
|
||||
mkdir /data/cache/recovery 0770 system cache
|
||||
mkdir /data/cache/backup_stage 0700 system system
|
||||
|
|
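Review bot: The tmpfs line `mount tmpfs tmpfs /data_mirror mode=0700,uid=0,gid=1000 nodev noexec nosuid` puts the filesystem option string before the flags, while init's documented syntax is `mount <type> <device> <dir> [ <flag>* ] [<options>]` and, as far as I know, its parser only takes the option string when it is the last argument. If that holds, `mode=0700,uid=0,gid=1000` is silently dropped and the mirror root is mounted with tmpfs defaults instead of 0700, so only the 0700 subdirectories and SELinux labelling would restrict access to the bind-mounted CE/DE trees. I would write `mount tmpfs tmpfs /data_mirror nodev noexec nosuid mode=0700,uid=0,gid=1000` and extend the Test: step to check the mode and owner of /data_mirror after boot. Separately, `gid=1000` disagrees with the preceding `chown root root /data_mirror`; a one-line comment stating which group is intended would help. The `on post-fs-data` block starts and ends outside this hunk.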