Isolate app profile ref data
Due to aosp/1708274, ref data directory is now world accessible. We need to fix ref data directory so that it does not leak app visibility information. Bug: 189787375 Test: AppDataIsolationTests Change-Id: I716852478ce0734c7038934c88c36a567c06393f
This commit is contained in:
Ricky Wai
parent
7534f6ca53
commit
420830f8a6
1 changed files with 3 additions and 0 deletions
|
|
@ -884,6 +884,8 @@ on post-fs-data
|
|||
# Create mirror directory for jit profiles
|
||||
mkdir /data_mirror/cur_profiles 0700 root root
|
||||
mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
|
||||
mkdir /data_mirror/ref_profiles 0700 root root
|
||||
mount none /data/misc/profiles/ref /data_mirror/ref_profiles bind rec
|
||||
|
||||
mkdir /data/cache 0770 system cache encryption=Require
|
||||
mkdir /data/cache/recovery 0770 system cache
|
||||
|
|
@ -1265,6 +1267,7 @@ on userspace-reboot-fs-remount
|
|||
umount /data_mirror/data_ce/null
|
||||
umount /data_mirror/data_de/null
|
||||
umount /data_mirror/cur_profiles
|
||||
umount /data_mirror/ref_profiles
|
||||
umount /data_mirror
|
||||
remount_userdata
|
||||
start bootanim
|
||||
|
|
|
|||
Loading…
Reference in a new issue