fcf599c89c
/mnt/pass_through was introduced to allow the FUSE daemon unrestricted access to the lower filesystem (or sdcardfs). At zygote fork time, the FUSE daemon will have /mnt/pass_through/0 bind mounted to /storage instead of /mnt/user/0. To keep /sdcard (symlink to /storage/self/primary) paths working, we create a 'self' directory with an additional 'primary' symlink to /mnt/pass_through/0/emulated/0 which is a FUSE mount point.

The following components need varying sepolicy privileges:

Vold: Creates the self/primary symlink and mounts the lower filesystem on /mnt/pass_through/0/emulated. So needs create_dir and mount access + create_file access for the symlink

zygote: In case zygote starts an app before vold sets up the paths. This is unlikely but can happen if the FUSE daemon (a zygote forked app) is started before system_server completes vold mounts. Same sepolicy requirements as vold

installd: Needs to clear/destroy app data using lower filesystem mounted on /mnt/pass_through so needs read_dir access to walk /mnt/pass_through

priv_app (FUSE daemon): Needs to serve content from the lower filesystem mounted on /mnt/pass_through so needs read_dir access to walk /mnt/pass_through

Bug: 135341433
Test: adb shell ls /mnt/pass_through/0/self/primary
Change-Id: I16e35b9007c2143282600c56adbc9468a1b7f240