tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Vold will always bind mount obb and data dirs to lowerfs

Browse source 
So shell / root will always access to them directly not via fuse.
And zygote will be unmount these directories to prevent them being
abused for leaking app visibility.

Also, /mnt/androidwritable is not very useful now as it's the same as
/mnt/installer, but we should make shell / root to access /mnt/androidwritable
later and /mnt/installer should only access obb but not data dir.

Bug: 182997439
Test: Able to boot without errors
Test: df on /sdcard/Android/data shows it's no on fuse.
Change-Id: I2ad10b1e80c135f637d37ddf502ee010f89f4946
This commit is contained in:
Ricky Wai 2021-03-19 15:35:49 +00:00 committed by rickywai
parent c237cbc575
commit 259a49ae15
1 changed files with 15 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
model/EmulatedVolume.cpp
View file

@ -116,24 +116,22 @@ status_t EmulatedVolume::mountFuseBindMounts() {
}
status_t status = OK;
// When app data isolation is enabled, obb/ will be mounted per app, otherwise we should
// bind mount the whole Android/ to speed up reading.
if (!mAppDataIsolationEnabled) {
std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
std::string androidDataTarget(
StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
if (status != OK) {
return status;
}
// Zygote will unmount these dirs if app data isolation is enabled, so apps
// cannot access these dirs directly.
std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
std::string androidDataTarget(
StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
if (status != OK) {
return status;
}
std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
std::string androidObbTarget(
StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
if (status != OK) {
return status;
}
std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
std::string androidObbTarget(
StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
if (status != OK) {
return status;
}
// Installers get the same view as all other apps, with the sole exception that the
@ -146,48 +144,12 @@ status_t EmulatedVolume::mountFuseBindMounts() {
std::string obbInstallerTarget(StringPrintf("/mnt/installer/%d/%s/%d/Android/obb",
userId, label.c_str(), userId));
status = doFuseBindMount(obbSource, obbInstallerTarget, pathsToUnmount);
if (status != OK) {
return status;
}
} else if (mAppDataIsolationEnabled) {
std::string obbSource(StringPrintf("%s/obb", androidSource.c_str()));
std::string obbInstallerTarget(StringPrintf("/mnt/installer/%d/%s/%d/Android/obb",
userId, label.c_str(), userId));
status = doFuseBindMount(obbSource, obbInstallerTarget, pathsToUnmount);
if (status != OK) {
return status;
}
}
// /mnt/androidwriteable is similar to /mnt/installer, but it's for
// MOUNT_EXTERNAL_ANDROID_WRITABLE apps and it can also access DATA (Android/data) dirs.
if (mAppDataIsolationEnabled) {
std::string obbSource = mUseSdcardFs ?
StringPrintf("/mnt/runtime/write/%s/%d/Android/obb", label.c_str(), userId)
: StringPrintf("%s/obb", androidSource.c_str());
std::string obbAndroidWritableTarget(
StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/obb",
userId, label.c_str(), userId));
status = doFuseBindMount(obbSource, obbAndroidWritableTarget, pathsToUnmount);
if (status != OK) {
return status;
}
std::string dataSource = mUseSdcardFs ?
StringPrintf("/mnt/runtime/write/%s/%d/Android/data", label.c_str(), userId)
: StringPrintf("%s/data", androidSource.c_str());
std::string dataTarget(StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/data",
userId, label.c_str(), userId));
status = doFuseBindMount(dataSource, dataTarget, pathsToUnmount);
if (status != OK) {
return status;
}
}
unmount_guard.Disable();
return OK;
}