We bind mount /mnt/user/<userid> onto /storage for normal apps and
/mnt/pass_through/<userid> for special apps like the FUSE daemon or
the old android.process.media hosting the DownloadManager. This bind
mount allows app have /storage/self/primary which is what /sdcard
symlinks to.
Before this change, we were not creating the self/primary symlink on
/mnt/pass_through/<userid> so trying to access /sdcard from the
DownloadManager would fail.
Bug: 135341433
Test: atest android.app.cts.DownloadManagerTest#testAddCompletedDownload_invalidPaths
Change-Id: I660139be3d850e6e9ea4705f86ef2b5872ddca16
In preparation of sdcardfs going away on devices launching with R,
conditionally use it.
Bug: 146419093
Test: cuttlefish with sdcardfs, cuttlefish without sdcardfs but with
FUSE
Change-Id: I2c1d4b428dcb43c3fd274dde84d5088984161993
Previously, when mounting a FUSE volume, the permission bits for
/mnt/user/<userid> were very strict, 700 which was good, however this
value was ignored because it was overriden in zygote to 755. In fact
if it wasn't ignored, apps wouldn't have had access to /sdcard becase
they would lack the directory 'execute' bit for /mnt/user/<userid>
needed while looking up /mnt/user/<userid>/emulated
Now we set it to a strict enough value, 710 that only allows apps
running under the same user id to lookup /mnt/user/<userid>.
This ensures that user 10 cannot access /mnt/user/0.
A special case is added for /mnt/user/0 for shell since it is not in
the 'everybody' group and would otherwise not be able to 'adb shell ls
/sdcard'
Bug: 135341433
Test: atest -c android.appsecurity.cts.ExternalStorageHostTest#testSecondaryUsersInaccessible
Change-Id: Ia427d1b69c7140254ae3459b98e51531d8322f1a
vold historically offerred functionality to create directories on behalf
of others. This functionality was purely used to create app-specific
data/obb/media dirs. Make this more explicit by renaming the method to
indicate this.
Additionally, in the past, we never needed to care about the UID set on
these directories, because sdcardfs would take care of that for us
automatically. But with sdcardfs going away, we need to make sure the
UID of the app-specific directories is set correctly. Allow the caller
to pass this in as an argument.
Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Ibeb5fdc91b40d53583bc0960ee11c4d640549c34
For apps seeing the FUSE filesystem, we want to bind-mount the Android/
directory to the lower filesystem. The main reason for this is game
performance - Android/ contains both OBBs and app-private external data,
and both are heavily accessed during game startup. This is a pretty
straightforward bind-mount on top of /mnt/user.
Bug: 137890172
Test: Running the following:
df /storge/emulated/0 ==> /dev/fuse (FUSE)
df /storage/emulated/0/Android ==> /data/media (sdcardfs)
Test: atest AdoptableHostTest
Change-Id: Ic17a5751b5a94846ee565ff935644a078044ab06
The pass-through mount is used by MediaProvider to access external
storage. Previously, it was the raw filesystem (eg ext4/f2fs); the
problem with that is that the permissions on that filesystem don't allow
MediaProvider to access all the files it needs to - in particular
directories under Android/
To solve this problem, we can have the pass-through mount sit on top of
sdcardfs instead of the raw filesystem. This means we need to mount
sdcardfs even in case we're using FUSE, but we already needed to do this
anyway for other performance reasons.
Bug: 135341433
Test: atest AdoptableHostTest
Change-Id: I893d5e5076c5096d2d55212f643c9a857242e964
symlink(2) creates a symbolic link 'linkpath' containing a
string 'target'.
linkpath was misnamed as target in MountUserFuse. This cl
s/target/linkpath/ in Utils#MountUserFuse.
Test: m
Change-Id: I274823da16b87ffc124e2e8c4563b1d16546a6e7
Up until now, the FUSE mount logic has made two assumptions:
1. The primary external volume is an emulated volume on /data/media
2. Only the primary user is running, as user zero
These assumptions are fixed by the following changes
creating an EmulatedVolume per Android user and changing the
VolumeBase id format to append the user to the id, so
s/emulated/emulated-0/. This allows us mount separate volumes per user
Some additional refactorings to re-use/clean up code.
Test: adb shell sm set-virtual-disk and partition disk operations work
even after setting up a work profile
Bug: 135341433
Change-Id: Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b
Before this, the FUSE daemon receives a setattr inode timestamp
request for every write request. This can be crippling for write
performance or read performance during writes especially random
writes where the write back cache does not effectively coagulate
requests.
We now add the MS_LAZYTIME mount flag
(http://man7.org/linux/man-pages/man2/mount.2.html) to lazily flush
the timestamp updates from memory to disk
Test: m
Bug: 135341433
Change-Id: I95a467d5682a325b4099f32634d93ed2921f815e
Also allow the state just before doMount() as a valid state for setting
fuse fd.
Test: manual
BUG:140173712
Change-Id: I012f8a83fef00e68f33010954fbc2ebc53cf8f1d
Since system_server cannot mount devices by itself,
add a binder interface to vold that system_server
can call to initiate this mount when required.
BUG: 135341433
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: ExternalStorageHostTest DownloadProviderTests
Change-Id: If4fd02a1f1a8d921a3f96783d8c73e085c5b7ca1
Remove static definition of writeStringToFile, and
move it from KeyStorage to Utils
(cherry picked from commit 0bd2d11692)
Bug: 71810347
Test: Build pass and reboot stress test.
Change-Id: I38bfd27370ac2372e446dc699f518122e73c6877
Merged-In: I38bfd27370ac2372e446dc699f518122e73c6877
We need this to stay mounted at /storage.
Bug: 124466384
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: I0cc835471ced2822d83d7056bec53d62ddc682f0
Some of the pkg specific dirs could be created by zygote
and vold in parallel, so ignore any EEXIST errors while
creating these dirs.
Bug: 118185801
Test: manual
Change-Id: Ifaa9998131764304867ac027af335414dbfc291c
Update vold to only create package sandboxes and not do any bind mounts.
After zygote forks, all the necessary bind mounts will be setup for
the process.
Bug: 124009234
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest MediaProviderTests
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Change-Id: Ia42209cb74cbc423bb09c1c51cb7a164f7c568da
Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a
From man 2 umount:
MNT_DETACH (since Linux 2.4.11)
Perform a lazy unmount: make the mount point unavailable for new
accesses, immediately disconnect the filesystem and all filesystems
mounted below it from each other and from the mount table, and
actually perform the unmount when the mount point ceases to be busy.
So we don't need to unmount the filesystems under it one by one.
Bug: 113796163
Test: atest android.appsecurity.cts.PermissionsHostTest#testInteractiveGrant23
Change-Id: I6a0422466a9865ff6d17122505ca73d041de9d54
Don't duplicate what's already in unique_fd.h
Also, code that tries to handle weird stdout condition won't work
because of cloexec; just don't try that.
My tests:
- Ensure Marlin device boots and vold_prepare_subdirs is called
successfully
- Try adb shell sm set-virtual-disk true, see that eg sgdisk output is
logged.
Bug: 26735063
Bug: 113796163
Test: details in commit
Change-Id: I5698ba0b4c8bd692a740a1bd445e677ad4815d11
Do our own fork/exec rather than using a library. This leads to
many improvements:
- unite the output recording path with the other path
- never concatenate arguments with spaces
- never use the shell
- move setexeccon after fork, so we don't need to take the lock
- general code refactor while we're there
My tests:
- Ensure Marlin device boots and vold_prepare_subdirs is called
successfully
- Try adb shell sm set-virtual-disk true, see that eg sgdisk output is
logged.
weilongping@huawei.com's tests:
- unlock a user's de and ce directory;
- connect to a OTG storage device or a sdcard and ensure the mount logic be successful
Bug: 26735063
Bug: 113796163
Test: details in commit
Change-Id: I0976413529d7cbeebf5b8649660a385f9b036f04
fdopendir takes ownership of the file descriptor, leading to it being
closed by both unique_fd's destructor and closedir.
Test: treehugger
Change-Id: Ibd193e988c77c5323720531445f334c0795c68b9
It can sometimes take a moment for the dm-device to appear after
creation, causing operations on it such as formatting to fail.
Ensure the device exists before create_crypto_blk_dev returns.
Test: adb sm set-virtual-disk true and format as adoptable.
Bug: 117586466
Change-Id: Id8f571b551f50fc759e78d917e4ac3080e926722
Merged-In: Id8f571b551f50fc759e78d917e4ac3080e926722
It can sometimes take a moment for the dm-device to appear after
creation, causing operations on it such as formatting to fail.
Ensure the device exists before create_crypto_blk_dev returns.
Test: adb sm set-virtual-disk true and format as adoptable.
Bug: 117586466
Change-Id: Id8f571b551f50fc759e78d917e4ac3080e926722
- Also update vold to create sandboxes for secondary storage devices.
- Since bind mounts are created in the process specific namespaces, we
don't need /mnt/storage anymore which we were using it to prevent
some bind mounts from propagating onto /mnt/runtime/write.
- Create bind mounts for {media,obb} dirs similar to data dir in
per process namespace.
- Also fix a bug where we are not passing correct packages to vold when
a new user starts.
Bug: 111890351
Test: manual
Change-Id: I7849efc4fbf3c654606fa30de7ab2de0236d766f
Helpers to get a block device size in bytes or 512 byte sectors,
using BLKGETSIZE64 and returning value of uint64_t type.
This also removes get_blkdev_size().
Test: build, manual, mount exFAT volume
Bug: 80202067
Change-Id: Ib07e8ac6ef7ff49de0ed570d1fa202e8b558b80c
