Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3a3d0177 authored by Ricky Wai's avatar Ricky Wai
Browse files

Do not mount the whole Android/data and Android/obb anymore 

The package list should not be empty, and we should always bind mount
Android/obb/$PKG and Android/data/$PKG, otherwise apps may able to
access Android/obb and Android/data directly.

Bug: 152018883
Test: atest AdoptableHostTest
Test: atest FuseDaemonHostTest

Change-Id: I47660bb9756bede246ca6b93ca31ebefade0d6f5
parent 4ae27323

core/jni/com_android_internal_os_Zygote.cpp

+5 −15
Original line number Original line Diff line number Diff line
@@ -1550,22 +1550,15 @@ static void isolateJitProfile(JNIEnv* env, jobjectArray pkg_data_info_list, 
static void BindMountStorageToLowerFs(const userid_t user_id, const char* dir_name,

static void BindMountStorageToLowerFs(const userid_t user_id, const char* dir_name,

    const char* package, fail_fn_t fail_fn) {

    const char* package, fail_fn_t fail_fn) {





  bool hasPackage = (package != nullptr);

  bool hasSdcardFs = IsFilesystemSupported("sdcardfs");

  bool hasSdcardFs = IsFilesystemSupported("sdcardfs");

  std::string source;

  std::string source;

  if (hasSdcardFs) {

  if (hasSdcardFs) {

    source = hasPackage ?

    source = StringPrintf("/mnt/runtime/default/emulated/%d/%s/%s", user_id, dir_name, package);

        StringPrintf("/mnt/runtime/default/emulated/%d/%s/%s", user_id, dir_name, package) :

        StringPrintf("/mnt/runtime/default/emulated/%d/%s", user_id, dir_name);

  } else {

  } else {

    source = hasPackage ?

    source = StringPrintf("/mnt/pass_through/%d/emulated/%d/%s/%s",

        StringPrintf("/mnt/pass_through/%d/emulated/%d/%s/%s",

        user_id, user_id, dir_name, package);

            user_id, user_id, dir_name, package) :

        StringPrintf("/mnt/pass_through/%d/emulated/%d/%s", user_id, user_id, dir_name);

  }

  }

  std::string target = hasPackage ?

  std::string target = StringPrintf("/storage/emulated/%d/%s/%s", user_id, dir_name, package);

      StringPrintf("/storage/emulated/%d/%s/%s", user_id, dir_name, package) :

      StringPrintf("/storage/emulated/%d/%s", user_id, dir_name);





  if (access(source.c_str(), F_OK) != 0) {

  if (access(source.c_str(), F_OK) != 0) {

    fail_fn(CREATE_ERROR("Error accessing %s: %s", source.c_str(), strerror(errno)));

    fail_fn(CREATE_ERROR("Error accessing %s: %s", source.c_str(), strerror(errno)));
@@ -1589,10 +1582,7 @@ static void BindMountStorageDirs(JNIEnv* env, jobjectArray pkg_data_info_list, 
  int size = (pkg_data_info_list != nullptr) ? env->GetArrayLength(pkg_data_info_list) : 0;

  int size = (pkg_data_info_list != nullptr) ? env->GetArrayLength(pkg_data_info_list) : 0;





  if (size == 0) {

  if (size == 0) {

    // App data isolation is not enabled for this process, so we bind mount to whole obb/ dir.

    fail_fn(CREATE_ERROR("Data package list cannot be empty"));

    BindMountStorageToLowerFs(user_id, "Android/obb", /* package */ nullptr, fail_fn);

    BindMountStorageToLowerFs(user_id, "Android/data", /* package */ nullptr, fail_fn);

    return;

  }

  }





  // Bind mount each package obb directory

  // Bind mount each package obb directory