Commit graph

293 commits

Author SHA1 Message Date
Martijn Coenen
23c0445355 vold: Support aborting FUSE connections.
This can be done through binder as well as vdc, using 'vdc volume
abort_fuse'.

Bug: 153411204
Test: adb shell vdc volume abort_fuse
Change-Id: I93e46dc1cd361729cc1162c63520cf73152ea409
2020-05-28 16:07:16 +02:00
Daniel Rosenberg
f36bdddc7e Move enabling sdcardfs behind a property
This allows devices that have sdcardfs enabled in the kernel to not use
it. When external_storage.sdcardfs.enabled=0, sdcardfs will not be
mounted. This is treated as default true to not affect upgrading
devices. It does not use the old ro.sys.sdcardfs as that has been
repurposed over time and no longer can be relied on to turn off
sdcardfs. This is included within emulated_storage.mk

Bug: 155222498
Test: mount|grep "type sdcardfs" should find nothing after boot complete
      if external_storage.sdcardfs.enabled=0
Change-Id: I23d75fb1225aeabbcb1a035ad62fd042b6b3c7b5
2020-05-19 22:11:49 -07:00
Alistair Delva
ff1fc9bc41 Expand virtio_block check to other virtual devices
The Android Emulator isn't the only virtual device the virtio-block
detection code is useful for, and those platforms might not set any
discriminating properties to indicate that they are virtual.

Rework the virtio-block major detection to use /proc/devices instead
of hardcoding the assumption that any virtual platform can have
virtio-block at any experimental major; the new code permits only the
exact experimental major assigned to virtio-block.

The new code runs everywhere, but it will only run once and could be
expanded later to detect dynamic or experimental majors.

Bug: 156286088
Change-Id: Ieae805d08fddd0124a397636f04d99194a9ef7e5
2020-05-15 17:00:44 -07:00
Ricky Wai
e96b34fe82 Mount storage Android/data and Android/obb as tmpfs in app namespace
So Android/data and Android/obb won't be accessing fuse anymore,
and apps should not see other packages as well as it's sandboxed
the tmpfs.

Bug: 155462341
Test: atest AppDataIsolationTests pass after feature flag is on
Change-Id: I5658440772e669c1235d318f708a3d336523754f
2020-05-07 16:01:33 +01:00
Martijn Coenen
15070b1833 Merge "Don't do private app-dir permissions/quota on public volumes." into rvc-dev 2020-04-21 12:22:58 +00:00
Ricky Wai
ef63921f81 Bind mount install and android writable DATA and OBB dirs
To improvement performance, and also making them able to list
the dirs.

This should also be fine under b/151055432, as the whole obb
directory is mounted, renameTo() from installer to apps should be
a move not copy.

Bug: 153422990
Bug: 153540919
Test: atest AdoptableHostTest
Change-Id: Ia18fd4393db14a0f11d6e5b947dd716515bdeeef
2020-04-20 15:06:58 +01:00
Martijn Coenen
bf205ab7d4 Don't do private app-dir permissions/quota on public volumes.
While looking at some emulator logs, I noticed that we fail to create
dirs like /Android/data/com.foo/cache on public volumes, because we try
to chmod it; public volumes go completely through FUSE, even for
Android/, and so these operations will fail, because the underlying
UID/GID is not setup correctly.

Really the only thing we really have to do on public volumes is create
the dirs, like we used to do.

Bug: 152618535
Test: manually verify cache dirs can be created successfully
Change-Id: I66e5d0873f1198123787943b17b468eadf0a853d
2020-04-20 15:20:09 +02:00
Linus Tufvesson
75973cb0dd Replace EnsureDirExists with a call to setupAppDir
Test: Manually verified ownership of /storage/emulated/0/Android/data on cf_x86_phone-userdebug after enabling feature
Bug: 151455752

Change-Id: I75a1e3b769476e56094e41d82e7f8e1a72827ded
2020-04-03 10:29:51 +00:00
Ricky Wai
6b12257702 Make storage dirs remount fork() safe
Also, use the pids provided by system server to remount all existing
processes, so we don't need to do the heavy and unreliable scanning in
/proc anymore.

Bug: 149548518
Test: atest AdoptableHostTest
Change-Id: Ifb5b79a3bc5438f36e0d61ec8aec96bdbc60ca13
2020-03-12 18:16:27 +00:00
Ricky Wai
c1e33a3cc9 Add Android/data mounting along with obb mounting in vold
We should mount Android/data also, not only Android/obb.

Test: After flag is enabled, AdoptableHostTest still pass.
Bug: 148049767
Bug: 150584566
Change-Id: I26dc3756aa5843b85565495e9c2698130113f49a
Merged-In: I26dc3756aa5843b85565495e9c2698130113f49a
(cherry picked from commit d88e090098)
2020-03-02 10:58:44 +00:00
Ricky Wai
879b9c0a59 Merge "Mount direct boot apps obb dir after fuse is ready." 2020-02-19 19:42:13 +00:00
Ricky Wai
07e64a4cea Mount direct boot apps obb dir after fuse is ready.
- Remove bind mounting Android/ code as we want to bind mount obb dir
for each process instead.
- Set property "vold.vold.fuse_running_users" as an array of user id
for which fuse is ready to use.
- After fuse is ready for a user, fork a background process in vold
to bind mount all direct boot apps for that user so its direct boot
apps obb dir will be mounted to lower fs for imporoved performance.

Bug: 148049767
Bug: 137890172
Test: After flag is enabled, AdoptableHostTest still pass.
Change-Id: I90079fbeed1c91f9780ca71e37b0012884680b7c
2020-02-19 16:45:07 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
Martijn Coenen
8b31810922 Merge "Stop using a regex for setupAppDir." 2020-02-14 11:44:13 +00:00
Risan
73a7a85c85 Passed kUsb and kSd flags
Initially, we were thinking to pass kInternal for non usb drive/sd card
drive (for local external storage like directory shared from ChromeOS).
Fortunately, the DocumentsUI logic apparently has TYPE_LOCAL with
R.drawable.ic_root_smartphone (that is overlayable) for external storage
other than TYPE_USB and TYPE_SD.

Therefore, instead of creating a kInternal flags, we can just passed kUsb
and kSd and not passing anything for "internal external storage" - which
will render ic_root_usb, ic_root_sd, and ic_root_smartphone as icons
accordingly. And since ic_root_smartphone is already overlayable,  we
could overlayed in /vendor - which effectively is what we initially
wanted when thinking of introducing kInternal flag.

Bug: 132796154
Test: Customize flags in /vendor for different devices and DocumentsUI
shows the ic_root_smartphone (which can be overlayed) when kUsb is not
passed, and USB icon when kUsb is passed.
Change-Id: I55f13e214bbb2aeed96b6950bcf391121174c354
2020-02-14 04:38:59 +00:00
TreeHugger Robot
dd85fe2e5e Merge "Add disk for StubVolume" 2020-02-14 04:35:15 +00:00
Martijn Coenen
b5a31c9985 Stop using a regex for setupAppDir.
This was hard to read and understand. Instead, fall back to explicit
string operations with more comments on what we're doing and what we're
allowing.

This also fixes an issue where apps were asking us to create dirs on
their behalf that our more than 2 levels deep, eg
com.foo/files/downloads ; I thought such paths weren't allowed, but
apparently they are (and there's no good reason for us to not set them
up correctly).

Bug: 149407572
Test: launch opera
Change-Id: I7c64831032b66e90960b96e41ee42c7d616a759c
2020-02-13 23:37:12 +01:00
Martijn Coenen
8a68a075a2 Remove appDirRoot argument from setupAppDir.
This is no longer needed, because vold can deduce this itself now.

Bug: 146419093
Test: builds
Change-Id: Ib4f4a4109919af683722a63b305b343ef5fe972d
2020-02-12 15:38:45 +01:00
Risan
82e90de23d Add disk for StubVolume
StubVolume is a volume type for ARC++ external storage. Named StubVolume
because it is managed from outside Android (not through Android kernel).

Previously, StubVolume is a diskless volume. However, as mentioned in
jsharkey@ email, a disk is needed for StubVolume to hold "kInternal"
(external storage type that is "external" from Android perspective,
but is "internal" to the device. For example shared directory from
ChromeOS to Android) and "kIndexable" (whether or not a disk should be
indexed by MediaStore).

The addition of disk means we could expose the createStubVolume API to
add a disk flags, which is also introduced in this CL.

Both kInternal and kIndexable will be introduced in separate CL.

Bug: 132796154
Test: Mount/unmount ARC++ removable device in ChromeOS.
Change-Id: I8b77fa1cf50ab38a2892272154dafdb78f079378
2020-02-12 07:42:40 +00:00
Martijn Coenen
04bb17f112 Use a regex to create application directories.
A regex allows us to be more specific in what kind of directories we
accept here, which in turn makes it easier to correctly create them.

Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Icb8911f6516eab81b9bbd567c7287be9f605e8b0
2020-02-11 14:22:30 +01:00
Automerger Merge Worker
cc733959f6 Merge "Refactor: make cryptfs.h smaller" am: 98c501d28e am: 645c2f40a0 am: ebbabdc8fb
Change-Id: If8c533aa196969adf38dcbf85673cebb39a79024
2020-02-08 02:27:49 +00:00
Paul Crowley
73be12dcd5 Refactor: make cryptfs.h smaller
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.

Bug: 147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
2020-02-07 11:16:12 -08:00
Martijn Coenen
62a4b279ab Setup Android/, Android/data and Android/obb dirs correctly.
Normally sdcardfs takes care of setting up these directories on-demand,
for example when an app requests its private data directory to be
created. On devices without sdcardfs however, we ourselves need to make
sure to setup the UID/GID of these directories correctly.

Introduce a new PrepareAndroidDirs() function which sets the dirs up
correctly. On devices without sdcardfs, that means:

Path              UID         GID         mode
/Android          media_rw    media_rw     771
/Android/data     media_rw    ext_data_rw  771
/Android/obb      media_rw    ext_obb_rw   771

Bug: 146419093
Test: wipe Android/, reboot, with and without sdcardfs, verify
      contents

Change-Id: I3a879089422c7fc449b6a3e6f1c4b386b86687a4
2020-02-04 13:02:49 +01:00
Martijn Coenen
0a7e9925a6 Automatically use correct lower paths for setupAppDir.
When we're asked to create an app directory, find the corresponding
volume, and use the raw path of that volume to create the directory.
This ensures this will continue working on devices that don't have
sdcardfs.

Bug: 146419093
Test: manual test on cuttlefish
Change-Id: I91d735c1adbcca171e5af73aca0abd7ef396d0b7
2020-01-27 14:00:29 +01:00
Martijn Coenen
b0e977a0b1 vold: Don't unmount /mnt/installer on start.
This is a slave bind mount of /mnt/user, created before we create the
two mount namespaces. Unmounting it here prevents us from re-creating it
in the right way, so leave it alone.

Bug: 134706060
Test: verify mount is still there after vold starts
Change-Id: Iaac91953cbb9abfef0aaac60f74b99b16c943f87
2020-01-11 19:24:26 +01:00
Martijn Coenen
8f391ad110 Merge changes I2c1d4b42,I06fe4d33
* changes:
  Conditionally use sdcardfs.
  Also delay creating found disks until user 0 is started.
2020-01-07 10:28:14 +00:00
Zim
c59d774149 Convert paths to lower filesystem paths during setupAppDir
Making FUSE request from vold is risky because the FUSE daemon may be
down and vold could get wedged.

Additionally, the FUSE daemon only responds to requests with matching
user id paths, i.e requests on /mnt/user/0/emulated/10 will fail.
So if vold (running as user 0) makes a request on
/storage/emulated/10, it really means /mnt/user/0/emulated/10
which will fail if it gets to the FUSE daemon.

TODO: Fix the lower filesystem paths to support devices without
sdcardfs

Bug: 141540368
Change-Id: I90d698f6aecd114d75b6d578ad08620988da7d7d
atest: atest android.appsecurity.cts.ExternalStorageHostTest#testMediaSandboxedFull
2020-01-06 21:55:13 +00:00
Martijn Coenen
cf5916f3fa Also delay creating found disks until user 0 is started.
Public and private volumes can be discovered before user 0 is up and
running; when using FUSE however, we can't mount these disks yet,
because we depend on the user to become unlocked before we can start the
FUSE daemon (which is the MediaProvider application process). So besides
waiting for any secure keyguard to be dismissed, also wait for user 0 to
be started.

Bug: 146419093
Test: Boot cuttlefish with a fake public volume; is available after
repeated boots.

Change-Id: I06fe4d336d1baec3a49886c3cf12d844a1d0eb26
2020-01-03 16:32:20 +01:00
Martijn Coenen
13ff668775 Replace mkdirs() with setupAppDir().
vold historically offerred functionality to create directories on behalf
of others. This functionality was purely used to create app-specific
data/obb/media dirs. Make this more explicit by renaming the method to
indicate this.

Additionally, in the past, we never needed to care about the UID set on
these directories, because sdcardfs would take care of that for us
automatically. But with sdcardfs going away, we need to make sure the
UID of the app-specific directories is set correctly. Allow the caller
to pass this in as an argument.

Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Ibeb5fdc91b40d53583bc0960ee11c4d640549c34
2019-12-31 15:58:41 +01:00
Martijn Coenen
1986bfda8d Vold mkdirs should use lower filesystem.
If vold's view of /storage is FUSE, it means that creation of
directories in Android/ will go through FUSE as well. The implementation
of fs_mkdirs() tries to opendir() individual parts of the entire path;
so for a path "/storage/emulated/0/Android", it will try to opendir()
"/storage", "/storage/emulated", etc.

By default, "/storage/emulated" is created with 711 permissions; while
vold itself is root, access to /storage/emulated is routed through
MediaProvider (because of FUSE), and MediaProvider doesn't run as root,
nor does it have the capabilities to bypass the ACL. This means that
fs_mkdirs() as it is will fail, because opendir("/storage/emulated")
will fail from MediaProvider.

To prevent this, route these accesses directly to the lower filesystem
(currently, sdcardfs), by renaming the paths.

Bug: 146189163
Test: atest AdoptableHostTest
Change-Id: Idbb41b9ffad9713f3b255c51bd4de16f4d090223
2019-12-17 14:43:26 +01:00
Abhijeet Kaur
01fa0e0d8d Replace "sys.fuse_snapshot" with "persist.sys.fuse"
With the newly added flag for Settings developer options, which is now
used to change the state of FUSE, PROP_FUSE now acts as the snapshot
feature flag for the current boot.

Bug: 145391093
Test: atest AdoptableHostTest
Change-Id: I22363b088e88c764294cbd61c6d94160c907fae3
2019-12-13 10:26:32 +00:00
Narayan Kamath
02efdf55d2 VolumeManager: limit the scope of remountUid post fork.
We want to be sure we're not allocating memory, holding locks
or otherwise preventing the child process from making progress.

This is a temporary fix of limited scope. In the medium term, it
would be preferable to exec a binary that performs this work for us
as soon as we fork.

Test: manual
Bug: 141678467

Change-Id: I57dbd9b3c887aa27e2dd609abf0ad43c66f4ef2a
2019-11-27 12:48:35 +00:00
Martijn Coenen
54bf4c03d1 Don't automatically start user 0.
It's the responsibility of the StorageManagerService to send down
started users after a reset(); and with the latest multi-user FUSE
changes, the manual start is no longer necessary.

Bug: 135341433
Test: atest AdoptableHostTest

Change-Id: I3c9c1d7c25ad10787212d7902fa3f1878ee5f896
2019-11-22 17:06:07 +01:00
Zim
2d45d9b420 Fix emulated volumes not created for secondary users
Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b introduced individual
emulated volumes for each Android user. The change however didn't
create the volumes for the secondary users on user start in vold
without the persist.sys.fuse flag

Now we always create the volumes but only mount sdcardfs volumes
for user 0 because the sdcardfs mount paths do not change with for
different users unlike the FUSE mount paths.

Bug: 144473552
Test: atest AdoptableHostTest
Test: Start a guest user in Settings and launch chrome browser in that
user, verify that chrome does not crash

Change-Id: I89f3591d0197d86267f0e3934f496273e2f9fd7e
2019-11-14 16:28:33 +00:00
Zim
a438b24368 Fix multi-user and multi-storage with FUSE
Up until now, the FUSE mount logic has made two assumptions:
1. The primary external volume is an emulated volume on /data/media
2. Only the primary user is running, as user zero

These assumptions are fixed by the following changes
creating an EmulatedVolume per Android user and changing the
VolumeBase id format to append the user to the id, so
s/emulated/emulated-0/. This allows us mount separate volumes per user

Some additional refactorings to re-use/clean up code.

Test: adb shell sm set-virtual-disk and partition disk operations work
even after setting up a work profile
Bug: 135341433

Change-Id: Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b
2019-11-11 20:24:49 +00:00
TreeHugger Robot
de735e608b Merge "Use snapshot value sys.fuse_snapshot instead of persist.sys.fuse" 2019-09-27 16:09:33 +00:00
shafik
5cf32b52a6 Use snapshot value sys.fuse_snapshot instead of persist.sys.fuse
This will allow us to receive values from server flags and store them in
persist.sys.fuse without risking flag consistency during a boot.

Test: manual - flip persist.sys.fuse both ways and make sure FuseDaemon
works as expected.
Bug: 140803239

Change-Id: I839a1973c98b4eda982226d20be48d1c08e7464a
2019-09-25 13:56:01 +01:00
Zim
981222f500 Bind mount lower filesystem during FUSE mount
When mounting a FUSE device on /mnt/user/<userid>/<vol>,
bind mount the correspoinding lower filesystem path to
/mnt/pass_through/<userid>/<vol>. At Zygote fork time, an
app with the right privilege will have the pass_through path
bind mounted into /storage instead of the /mnt/user path.

This provides such an app direct access to the lower filesystem
without going through FUSE.

Bug: 140064376
Test: mount(8) shows /mnt/pass_through/0/emulated is a bind
mount of the lower fs

Change-Id: I32c3cad64138910fcec9fb8f66b206706b5fd139
2019-09-24 10:39:13 +01:00
Zim
1711236e02 Avoid touching FUSE mounts on vold binder threads
On user unlock when persist.sys.fuse property is set,
StorageManagerService calls into vold to link the primary
volumes. Because this involves accessing a FUSE path that
has not been initialized, vold should offload this work
from the binder thread, otherwise it would wedge and the
system server would wedge causing a Watchdog trigger.

This fixes a bug where we 'link primary' twice and vold
gets wedged on system server restarts.

Bug: 140064376
Test: with the FUSE property set:
adb shell stop && adb shell start && adb shell ls /sdcard

Change-Id: I0eb86f8ba256c385c916e2a0389a4f7482fc3775
2019-09-03 23:12:12 +01:00
Zim
3623a212e3 Mount /dev/fuse on /mnt/user/<userid>/<volumeid>
Since system_server cannot mount devices by itself,
add a binder interface to vold that system_server
can call to initiate this mount when required.

BUG: 135341433
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: ExternalStorageHostTest DownloadProviderTests

Change-Id: If4fd02a1f1a8d921a3f96783d8c73e085c5b7ca1
2019-08-28 10:49:27 +01:00
Sudheer Shanka
8f2ff80e87 Support "full" mode when updating bind mounts of a process.
Bug: 133829348
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I5f48ecbfe8cce243fa75a2e8447ce1d4676003ad
2019-05-30 16:40:20 -07:00
Sudheer Shanka
ebce4cc16b Remove storage sandboxes related code.
Bug: 131115422
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Change-Id: Ib3272a47a901ed106474039e72f123b11f5443ff
Merged-In: Ib3272a47a901ed106474039e72f123b11f5443ff
2019-05-09 17:46:30 +00:00
Sudheer Shanka
36bdf7ab54 Update remountUidLegacy to handle "full" mount mode.
Bug: 130791955
Test: manual
Change-Id: I078c2922d1d5a8d16bbb213201a3cad7b1bf4b86
2019-04-18 15:18:30 -07:00
Sudheer Shanka
a05ea743f0 Allow sandboxed apps to access only package specific dirs.
Bug: 130427780
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I7afcea090306336c4033860084a2a436d2bb4740
2019-04-12 16:40:57 -07:00
Nick Kralevich
58e1a816ba VolumeManager: more O_CLOEXEC changes
Test: compiles and boots
Bug: 129350825
Change-Id: Ie6a0e05f1814d744eb16863f749c939ab1e097e0
2019-03-29 19:23:40 -07:00
Nick Kralevich
9bda3fe810 Merge "vold: cleanups for O_CLOEXEC tidy checks." am: a59868d6de am: 5af0c75525
am: 4197c098df

Change-Id: Ibe3636abcfafab7854c7b0434095b6e91fadcacf
2019-03-29 18:46:07 -07:00
Nick Kralevich
e7e89acbc8 vold: cleanups for O_CLOEXEC tidy checks.
Bug: 129350825
Test: compiles and boots
Change-Id: I83a484ca15df1b757b670008f15af5504bc94df1
2019-03-29 16:04:47 -07:00
Jiyong Park
4b64463572 Merge "Don't unmount /storage for early native processes" am: ee9554b2d9 am: b5acb5bfba
am: f1baff6ddd

Change-Id: I7107dd9d24dd07f9c17ea11d24db17db2cd10f12
2019-03-08 18:05:14 -08:00
Jiyong Park
8d21c924d7 Don't unmount /storage for early native processes
Motivation:

Early processes launched before the runtime APEX - that hosts the bionic
libs - is activated can't use the bionic libs from the APEX, but from the
system partition (which we call the bootstrap bionic). Other processes
after the APEX activation should use the bionic libs from the APEX.
In order to let both types of processes to access the bionic libs via
the same standard paths /system/lib/{libc|libdl|libm}.so, some mount
namespace magic is used.

To be specific, when the device boots, the init initially bind-mounts
the bootstrap bionic libs to the standard paths with MS_PRIVATE. Early
processes are then executed with their own mount namespaces (via
unshare(CLONE_NEWNS)). After the runtime APEX is activated, init
bind-mounts the bionic libs in the APEX to the same standard paths.
Processes launched thereafter use the bionic libs from the APEX (which
can be updated.)

Important thing is that, since the propagation type of the mount points
(the standard paths) is 'private', the new bind-mount events for the
updated bionic libs should not affect the early processes. Otherwise,
they would experience sudden change of bionic libs at runtime. However,
other mount/unmounts events outside of the private mount points are
still shared across early/late processes as before. This is made possible
because the propagation type of / is 'shared' .

Problem:

vold uses the equality of the mount namespace to filter-out processes
that share the global mount namespace (the namespace of the init). However,
due to the aforementioned change, the early processes are not filtered
out because they have different mount namespaces. As a result,
umount2("/storage/") is executed on them and this unmount event
becomes visible to the global mount namespace (because as mentioned before /
is 'shared').

Solution:

Fiter-out the early processes by skipping a native (non-Java) process
whose UID is < AID_APP. The former condition is because all early
processes are native ones; i.e., zygote is started after the runtime
APEX is activated. The latter condition is to not filter-out native
processes created locally by apps.

Bug: 120266448
Test: m; device boots

Change-Id: I054deedc4af8421854cf35be84e14995523a259a
2019-03-04 16:22:41 +09:00
Sudheer Shanka
23d725d85a Ignore packages whose sandboxes are already created.
Bug: 124788246
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: Ie80bbdebc9d3d50e96d2cd17db804b7589b49055
2019-02-28 10:46:48 -08:00