From f885d551c2c8b03392ddcdf8c0fbdabcbc01e5b7 Mon Sep 17 00:00:00 2001
From: Ellen Arteca <emarteca@google.com>
Date: Tue, 9 Jan 2024 21:54:43 +0000
Subject: [PATCH] Create and support isolation for /data/storage_area

Creating the directory /data/storage_area (which will store each user's directory
of app directories of storage areas) on startup, and adding this directory
/data/storage_area to the tmpfs mirror so it can be protected by app data isolation
in zygote.

Bug: 325121608
Test: atest StorageAreaTest
Change-Id: Ia938e89fd8b794dbcbb844b01b790db7c0a62319
---
 rootdir/init.rc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index e3896b1b2..6a7c499ed 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -958,6 +958,10 @@ on post-fs-data
     mkdir /data/vendor_ce 0551 root root encryption=None
     mkdir /data/vendor_de 0551 root root encryption=None
 
+    # Similar to the top-level CE and DE directories, /data/storage_area must
+    # itself be unencrypted, since it contains encrypted directories.
+    mkdir /data/storage_area 0551 root root encryption=None
+
     # Set the casefold flag on /data/media.  For upgrades, a restorecon can be
     # needed first to relabel the directory from media_rw_data_file.
     restorecon /data/media
@@ -971,8 +975,12 @@ on post-fs-data
     mkdir /data_mirror/data_de 0700 root root
     mkdir /data_mirror/misc_ce 0700 root root
     mkdir /data_mirror/misc_de 0700 root root
+    mkdir /data_mirror/storage_area 0700 root root
 
     # Create CE and DE data directory for default volume
+    # Not needed for storage_area directory, since this is
+    # not supported for non-default volumes and the path
+    # does not include the volume ID
     mkdir /data_mirror/data_ce/null 0700 root root
     mkdir /data_mirror/data_de/null 0700 root root
     mkdir /data_mirror/misc_ce/null 0700 root root
@@ -987,6 +995,9 @@ on post-fs-data
     mount none /data/misc_ce /data_mirror/misc_ce/null bind rec
     mount none /data/misc_de /data_mirror/misc_de/null bind rec
 
+    # Also bind mount for the storage area directory (minus the volume ID)
+    mount none /data/storage_area /data_mirror/storage_area bind rec
+
     # Create mirror directory for jit profiles
     mkdir /data_mirror/cur_profiles 0700 root root
     mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
@@ -1327,6 +1338,8 @@ on userspace-reboot-fs-remount
   umount /data_mirror/data_ce/null/0
   umount /data_mirror/data_ce/null
   umount /data_mirror/data_de/null
+  umount /data_mirror/storage_area/0
+  umount /data_mirror/storage_area
   umount /data_mirror/cur_profiles
   umount /data_mirror/ref_profiles
   umount /data_mirror