No description
8d21c924d7
Motivation:
Early processes launched before the runtime APEX - that hosts the bionic
libs - is activated can't use the bionic libs from the APEX, but from the
system partition (which we call the bootstrap bionic). Other processes
after the APEX activation should use the bionic libs from the APEX.
In order to let both types of processes to access the bionic libs via
the same standard paths /system/lib/{libc|libdl|libm}.so, some mount
namespace magic is used.
To be specific, when the device boots, the init initially bind-mounts
the bootstrap bionic libs to the standard paths with MS_PRIVATE. Early
processes are then executed with their own mount namespaces (via
unshare(CLONE_NEWNS)). After the runtime APEX is activated, init
bind-mounts the bionic libs in the APEX to the same standard paths.
Processes launched thereafter use the bionic libs from the APEX (which
can be updated.)
Important thing is that, since the propagation type of the mount points
(the standard paths) is 'private', the new bind-mount events for the
updated bionic libs should not affect the early processes. Otherwise,
they would experience sudden change of bionic libs at runtime. However,
other mount/unmounts events outside of the private mount points are
still shared across early/late processes as before. This is made possible
because the propagation type of / is 'shared' .
Problem:
vold uses the equality of the mount namespace to filter-out processes
that share the global mount namespace (the namespace of the init). However,
due to the aforementioned change, the early processes are not filtered
out because they have different mount namespaces. As a result,
umount2("/storage/") is executed on them and this unmount event
becomes visible to the global mount namespace (because as mentioned before /
is 'shared').
Solution:
Fiter-out the early processes by skipping a native (non-Java) process
whose UID is < AID_APP. The former condition is because all early
processes are native ones; i.e., zygote is started after the runtime
APEX is activated. The latter condition is to not filter-out native
processes created locally by apps.
Bug: 120266448
Test: m; device boots
Change-Id: I054deedc4af8421854cf35be84e14995523a259a
|
||
|---|---|---|
| bench | ||
| binder/android/os | ||
| fs | ||
| model | ||
| tests | ||
| .clang-format | ||
| Android.bp | ||
| AppFuseUtil.cpp | ||
| AppFuseUtil.h | ||
| Benchmark.cpp | ||
| Benchmark.h | ||
| BenchmarkGen.h | ||
| CheckEncryption.cpp | ||
| CheckEncryption.h | ||
| Checkpoint.cpp | ||
| Checkpoint.h | ||
| CleanSpec.mk | ||
| cryptfs.cpp | ||
| cryptfs.h | ||
| Devmapper.cpp | ||
| Devmapper.h | ||
| EncryptInplace.cpp | ||
| EncryptInplace.h | ||
| FileDeviceUtils.cpp | ||
| FileDeviceUtils.h | ||
| FsCrypt.cpp | ||
| FsCrypt.h | ||
| IdleMaint.cpp | ||
| IdleMaint.h | ||
| KeyBuffer.cpp | ||
| KeyBuffer.h | ||
| Keymaster.cpp | ||
| Keymaster.h | ||
| KeyStorage.cpp | ||
| KeyStorage.h | ||
| KeyUtil.cpp | ||
| KeyUtil.h | ||
| Loop.cpp | ||
| Loop.h | ||
| main.cpp | ||
| MetadataCrypt.cpp | ||
| MetadataCrypt.h | ||
| MoveStorage.cpp | ||
| MoveStorage.h | ||
| NetlinkHandler.cpp | ||
| NetlinkHandler.h | ||
| NetlinkManager.cpp | ||
| NetlinkManager.h | ||
| OWNERS | ||
| PREUPLOAD.cfg | ||
| Process.cpp | ||
| Process.h | ||
| ScryptParameters.cpp | ||
| ScryptParameters.h | ||
| secdiscard.cpp | ||
| sehandle.h | ||
| Utils.cpp | ||
| Utils.h | ||
| vdc.cpp | ||
| vdc.rc | ||
| vold.rc | ||
| vold_prepare_subdirs.cpp | ||
| VoldNativeService.cpp | ||
| VoldNativeService.h | ||
| VoldUtil.cpp | ||
| VoldUtil.h | ||
| VolumeManager.cpp | ||
| VolumeManager.h | ||
| wait_for_keymaster.cpp | ||
| wait_for_keymaster.rc | ||