Create sandboxes for newly installed apps.

Bug: 111890351
Test: manual
Change-Id: I1b7f5bd25e04f9f4a61d0d4f64bbbb0ca6157fa5
Sudheer Shanka 2018-08-24 10:20:56 -07:00
parent 4a923e216d
commit c756209b89
5 changed files with 67 additions and 16 deletions


@ -251,6 +251,20 @@ binder::Status checkArgumentSandboxIds(const std::vector<std::string>& sandboxId
} \ } \
} }
#define CHECK_ARGUMENT_PACKAGE_NAME(packageName) { \
binder::Status status = checkArgumentPackageName((packageName)); \
if (!status.isOk()) { \
return status; \
} \
}
#define CHECK_ARGUMENT_SANDBOX_ID(sandboxId) { \
binder::Status status = checkArgumentSandboxId((sandboxId)); \
if (!status.isOk()) { \
return status; \
} \
}
#define ACQUIRE_LOCK \ #define ACQUIRE_LOCK \
std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \ std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
ATRACE_CALL(); ATRACE_CALL();
@ -856,5 +870,16 @@ binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::
return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags)); return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
} }
binder::Status VoldNativeService::mountExternalStorageForApp(const std::string& packageName,
int32_t appId, const std::string& sandboxId, int32_t userId) {
ENFORCE_UID(AID_SYSTEM);
CHECK_ARGUMENT_PACKAGE_NAME(packageName);
CHECK_ARGUMENT_SANDBOX_ID(sandboxId);
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->mountExternalStorageForApp(
packageName, appId, sandboxId, userId));
}
} // namespace vold } // namespace vold
} // namespace android } // namespace android
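Review bot: mountExternalStorageForApp checks packageName and sandboxId but passes appId and userId through unchecked; both arrive as int32_t and are handed to VolumeManager::mountExternalStorageForApp, where (per the VolumeManager.cpp section below) they become the unsigned appid_t/userid_t, userId is formatted into the primary-root path and appId becomes a map key, so a negative value is silently converted to a large unsigned id instead of being rejected. ENFORCE_UID(AID_SYSTEM) limits who can reach this entry point, but the argument checks this file already applies to the string parameters suggest the ids deserve the same treatment. A guard rejecting `appId < 0 || userId < 0` with the same illegal-argument status the checkArgument* helpers return, placed before ACQUIRE_LOCK like the existing CHECK_ARGUMENT_* macros, would close the gap.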


@ -118,6 +118,9 @@ public:
int32_t userId, int32_t userSerial, int32_t flags); int32_t userId, int32_t userSerial, int32_t flags);
binder::Status destroyUserStorage(const std::unique_ptr<std::string>& uuid, binder::Status destroyUserStorage(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t flags); int32_t userId, int32_t flags);
binder::Status mountExternalStorageForApp(const std::string& packageName, int32_t appId,
const std::string& sandboxId, int32_t userId);
}; };
} // namespace vold } // namespace vold


@ -375,22 +375,12 @@ int VolumeManager::linkPrimary(userid_t userId, const std::vector<std::string>&
mMntStorageCreated = true; mMntStorageCreated = true;
} }
std::string source(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str())); if (mountSandboxesForPrimaryVol(userId, packageNames) != 0) {
bool isPrimaryEmulated =
(mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
if (isPrimaryEmulated) {
StringAppendF(&source, "/%d", userId);
if (fs_prepare_dir(source.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
PLOG(ERROR) << "fs_prepare_dir failed on " << source;
return -errno;
}
}
if (mountSandboxesForPrimaryVol(source, userId, packageNames, isPrimaryEmulated) != 0) {
return -errno; return -errno;
} }
// Keep /sdcard working for shell process // Keep /sdcard working for shell process
std::string primarySource(mPrimary->getPath()); std::string primarySource(mPrimary->getPath());
if (isPrimaryEmulated) { if (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated) {
StringAppendF(&primarySource, "/%d", userId); StringAppendF(&primarySource, "/%d", userId);
} }
std::string target(StringPrintf("/mnt/user/%d/primary", userId)); std::string target(StringPrintf("/mnt/user/%d/primary", userId));
@ -425,8 +415,18 @@ int VolumeManager::linkPrimary(userid_t userId, const std::vector<std::string>&
return 0; return 0;
} }
int VolumeManager::mountSandboxesForPrimaryVol(const std::string& primaryRoot, userid_t userId, int VolumeManager::mountSandboxesForPrimaryVol(userid_t userId,
const std::vector<std::string>& packageNames, bool isPrimaryEmulated) { const std::vector<std::string>& packageNames) {
std::string primaryRoot(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str()));
bool isPrimaryEmulated =
(mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
if (isPrimaryEmulated) {
StringAppendF(&primaryRoot, "/%d", userId);
if (fs_prepare_dir(primaryRoot.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
PLOG(ERROR) << "fs_prepare_dir failed on " << primaryRoot;
return -errno;
}
}
std::string sandboxRoot = prepareSubDirs(primaryRoot, "Android/sandbox/", std::string sandboxRoot = prepareSubDirs(primaryRoot, "Android/sandbox/",
0700, AID_ROOT, AID_ROOT); 0700, AID_ROOT, AID_ROOT);
@ -637,6 +637,24 @@ int VolumeManager::addSandboxIds(const std::vector<int32_t>& appIds,
return 0; return 0;
} }
int VolumeManager::mountExternalStorageForApp(const std::string& packageName, appid_t appId,
const std::string& sandboxId, userid_t userId) {
if (!GetBoolProperty(kIsolatedStorage, false)) {
return 0;
} else if (mStartedUsers.find(userId) == mStartedUsers.end()) {
// User not started, no need to do anything now. Required bind mounts for the package will
// be created when the user starts.
return 0;
}
mUserPackages[userId].push_back(packageName);
mAppIds[packageName] = appId;
mSandboxIds[appId] = sandboxId;
if (mPrimary) {
return mountSandboxesForPrimaryVol(userId, {packageName});
}
return 0;
}
int VolumeManager::onSecureKeyguardStateChanged(bool isShowing) { int VolumeManager::onSecureKeyguardStateChanged(bool isShowing) {
mSecureKeyguardShowing = isShowing; mSecureKeyguardShowing = isShowing;
if (!mSecureKeyguardShowing) { if (!mSecureKeyguardShowing) {
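Review bot: mountExternalStorageForApp appends packageName to mUserPackages[userId] without checking whether it is already present, so a package reported twice for the same user (a reinstall or update, say) accumulates duplicate entries, and because mUserPackages, mAppIds and mSandboxIds are updated before mountSandboxesForPrimaryVol runs, a failed mount still leaves the package registered. If mUserPackages is later iterated to recreate bind mounts at user start, the duplicates would mean repeated mount attempts for the same package; that consumer is outside this hunk, so this is inferred. A membership check before the push avoids the first problem: `auto& pkgs = mUserPackages[userId]; if (std::find(pkgs.begin(), pkgs.end(), packageName) == pkgs.end()) pkgs.push_back(packageName);` (std::find needs <algorithm> if the file does not already include it). Whether the map entries should be rolled back on a non-zero return depends on how linkPrimary consumes them, which is not visible here.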


@ -97,6 +97,8 @@ public:
int addAppIds(const std::vector<std::string>& packageNames, const std::vector<int32_t>& appIds); int addAppIds(const std::vector<std::string>& packageNames, const std::vector<int32_t>& appIds);
int addSandboxIds(const std::vector<int32_t>& appIds, int addSandboxIds(const std::vector<int32_t>& appIds,
const std::vector<std::string>& sandboxIds); const std::vector<std::string>& sandboxIds);
int mountExternalStorageForApp(const std::string& packageName, appid_t appId,
const std::string& sandboxId, userid_t userId);
int onSecureKeyguardStateChanged(bool isShowing); int onSecureKeyguardStateChanged(bool isShowing);
@ -146,8 +148,8 @@ private:
const std::string& dataRootDir); const std::string& dataRootDir);
std::string preparePkgDataTarget(const std::string& packageName, uid_t uid, std::string preparePkgDataTarget(const std::string& packageName, uid_t uid,
const std::string& pkgSandboxDir); const std::string& pkgSandboxDir);
int mountSandboxesForPrimaryVol(const std::string& primaryRoot, userid_t userId, int mountSandboxesForPrimaryVol(userid_t userId,
const std::vector<std::string>& packageNames, bool isPrimaryEmulated); const std::vector<std::string>& packageNames);
std::string prepareSubDirs(const std::string& pathPrefix, const std::string& subDirs, std::string prepareSubDirs(const std::string& pathPrefix, const std::string& subDirs,
mode_t mode, uid_t uid, gid_t gid); mode_t mode, uid_t uid, gid_t gid);


@ -96,6 +96,9 @@ interface IVold {
void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial, int storageFlags); void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial, int storageFlags);
void destroyUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags); void destroyUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags);
void mountExternalStorageForApp(in @utf8InCpp String packageName,
int appId, in @utf8InCpp String sandboxId, int userId);
const int ENCRYPTION_FLAG_NO_UI = 4; const int ENCRYPTION_FLAG_NO_UI = 4;
const int ENCRYPTION_STATE_NONE = 1; const int ENCRYPTION_STATE_NONE = 1;