Merge "Don't unmount /storage for early native processes"

2019-03-09 01:33:40 +00:00 · 2019-03-09 01:33:40 +00:00 · ee9554b2d9
commit ee9554b2d9
parent 5f01cf3cac 8d21c924d7
2 changed files with 26 additions and 0 deletions
--- a/Android.bp
+++ b/Android.bp
@ -152,6 +152,9 @@ cc_library_static {
    shared_libs: [
        "android.hardware.health.storage@1.0",
    ],
+    whole_static_libs: [
+        "com.android.sysprop.apex",
+    ],
 }

 cc_binary {
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@ -33,6 +33,7 @@

 #include <linux/kdev_t.h>

+#include <ApexProperties.sysprop.h>
 #include <android-base/logging.h>
 #include <android-base/parseint.h>
 #include <android-base/properties.h>
@ -432,6 +433,8 @@ int VolumeManager::remountUid(uid_t uid, const std::string& mode) {
    struct stat sb;
    pid_t child;

+    static bool apexUpdatable = android::sysprop::ApexProperties::updatable().value_or(false);
+
    if (!(dir = opendir("/proc"))) {
        PLOG(ERROR) << "Failed to opendir";
        return -1;
@ -476,6 +479,26 @@ int VolumeManager::remountUid(uid_t uid, const std::string& mode) {
            goto next;
        }

+        if (apexUpdatable) {
+            std::string exeName;
+            // When ro.apex.bionic_updatable is set to true,
+            // some early native processes have mount namespaces that are different
+            // from that of the init. Therefore, above check can't filter them out.
+            // Since the propagation type of / is 'shared', unmounting /storage
+            // for the early native processes affects other processes including
+            // init. Filter out such processes by skipping if a process is a
+            // non-Java process whose UID is < AID_APP_START. (The UID condition
+            // is required to not filter out child processes spawned by apps.)
+            if (!android::vold::Readlinkat(pidFd, "exe", &exeName)) {
+                PLOG(WARNING) << "Failed to read exe name for " << de->d_name;
+                goto next;
+            }
+            if (!StartsWith(exeName, "/system/bin/app_process") && sb.st_uid < AID_APP_START) {
+                LOG(WARNING) << "Skipping due to native system process";
+                goto next;
+            }
+        }
+
        // We purposefully leave the namespace open across the fork
        nsFd = openat(pidFd, "ns/mnt", O_RDONLY);  // not O_CLOEXEC
        if (nsFd < 0) {