
Commit 6ff4f2a3 authored by Ricky Wai's avatar Ricky Wai

Isolate profile ref data

Due to aosp/1708274, the ref profile data directory is now world accessible.
We need to isolate the ref data directory so that it does not leak app
visibility information.

Bug: 189787375
Test: AppDataIsolationTests
Change-Id: Iffd8baa74f71ee7a97884f7564643740569556e4
parent ccb14ac8
+12 −0
@@ -168,6 +168,7 @@ static constexpr const uint64_t UPPER_HALF_WORD_MASK = 0xFFFF'FFFF'0000'0000;
static constexpr const uint64_t LOWER_HALF_WORD_MASK = 0x0000'0000'FFFF'FFFF;

static constexpr const char* kCurProfileDirPath = "/data/misc/profiles/cur";
static constexpr const char* kRefProfileDirPath = "/data/misc/profiles/ref";

/**
 * The maximum value that the gUSAPPoolSizeMax variable may take.  This value
@@ -1431,6 +1432,7 @@ static void isolateJitProfile(JNIEnv* env, jobjectArray pkg_data_info_list,
  // Mount (namespace) tmpfs on profile directory, so apps no longer access
  // the original profile directory anymore.
  MountAppDataTmpFs(kCurProfileDirPath, fail_fn);
  MountAppDataTmpFs(kRefProfileDirPath, fail_fn);

  // Create profile directory for this user.
  std::string actualCurUserProfile = StringPrintf("%s/%d", kCurProfileDirPath, user_id);
@@ -1444,14 +1446,24 @@ static void isolateJitProfile(JNIEnv* env, jobjectArray pkg_data_info_list,
        packageName.c_str());
    std::string mirrorCurPackageProfile = StringPrintf("/data_mirror/cur_profiles/%d/%s",
        user_id, packageName.c_str());
    std::string actualRefPackageProfile = StringPrintf("%s/%s", kRefProfileDirPath,
        packageName.c_str());
    std::string mirrorRefPackageProfile = StringPrintf("/data_mirror/ref_profiles/%s",
        packageName.c_str());

    if (access(mirrorCurPackageProfile.c_str(), F_OK) != 0) {
      ALOGW("Can't access app profile directory: %s", mirrorCurPackageProfile.c_str());
      continue;
    }
    if (access(mirrorRefPackageProfile.c_str(), F_OK) != 0) {
      ALOGW("Can't access app profile directory: %s", mirrorRefPackageProfile.c_str());
      continue;
    }

    PrepareDir(actualCurPackageProfile, DEFAULT_DATA_DIR_PERMISSION, uid, uid, fail_fn);
    BindMount(mirrorCurPackageProfile, actualCurPackageProfile, fail_fn);
    PrepareDir(actualRefPackageProfile, DEFAULT_DATA_DIR_PERMISSION, uid, uid, fail_fn);
    BindMount(mirrorRefPackageProfile, actualRefPackageProfile, fail_fn);
  }
}
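Review bot: The new access() check on mirrorRefPackageProfile runs before the cur-profile PrepareDir/BindMount pair, so a package whose ref mirror directory is absent now also loses the cur profile mount that the pre-change code would have performed; unless the ref mirror is guaranteed to exist for every package in pkg_data_info_list (not visible here), that is a behavioural regression rather than a plain skip. Mounting the cur profile first and only then gating the ref mount keeps the two independent, and giving the second ALOGW its own wording, `"Can't access app ref profile directory: %s"`, lets the two failure paths be told apart in logcat, since the added message currently duplicates the cur one verbatim. The mount shape itself (PrepareDir with DEFAULT_DATA_DIR_PERMISSION owned by uid, then a per-package BindMount) is what prevents the now world-accessible parent from exposing other packages' ref data, so only the ordering needs attention. isolateJitProfile's signature and the enclosing loop header are outside the hunk.
```cpp
    if (access(mirrorCurPackageProfile.c_str(), F_OK) != 0) {
      ALOGW("Can't access app profile directory: %s", mirrorCurPackageProfile.c_str());
      continue;
    }
    // Mount the cur profile before looking at ref, so a missing ref mirror
    // does not cost the package its cur profile as well.
    PrepareDir(actualCurPackageProfile, DEFAULT_DATA_DIR_PERMISSION, uid, uid, fail_fn);
    BindMount(mirrorCurPackageProfile, actualCurPackageProfile, fail_fn);

    if (access(mirrorRefPackageProfile.c_str(), F_OK) != 0) {
      ALOGW("Can't access app ref profile directory: %s", mirrorRefPackageProfile.c_str());
      continue;
    }
    PrepareDir(actualRefPackageProfile, DEFAULT_DATA_DIR_PERMISSION, uid, uid, fail_fn);
    BindMount(mirrorRefPackageProfile, actualRefPackageProfile, fail_fn);
```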