
Commit ef927522 authored by Eric Biggers

Move creation of /data/user/0 and /data/media/obb to vold

To prevent bugs, directory creation and encryption should happen
together.  /data/user/0 (and its "alias" /data/data) is a per-user
encrypted directory; such directories can only be encrypted by vold.
Therefore, move its creation to vold as well.

Besides closing the uncomfortably-large gap between the creation and
encryption of /data/user/0, this allows removing init's write access to
/data/user and similar directories (SELinux type system_userdir_file) to
prevent any such issues from being reintroduced in the future.

To also allow removing init's write access to /data/media (SELinux type
media_userdir_file), which also contains per-user encrypted directories,
also move the creation and encryption of /data/media/obb to vold.

Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=Linux API ("slave" mount flag)
Change-Id: I7245251eeb56b345b6c7711482c0aa5848648edb
parent abff801a
+0 −6
@@ -465,12 +465,6 @@ static FscryptAction FscryptInferAction(const std::string& dir) {
        return FscryptAction::kNone;
    }

    // Special-case /data/media/obb per b/64566063
    if (dir == "/data/media/obb") {
        // Try to set policy on this directory, but if it is non-empty this may fail.
        return FscryptAction::kAttempt;
    }

    // Only set policy on first level /data directories
    // To make this less restrictive, consider using a policy file.
    // However this is overkill for as long as the policy is simply
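Review bot: dropping the /data/media/obb special case from FscryptInferAction also drops the kAttempt behaviour its comment documents ("if it is non-empty this may fail"); the vold side that now creates and encrypts /data/media/obb has to keep that tolerant handling for an already-populated directory on upgraded devices, and the commit should say where that happens, since the b/64566063 rationale otherwise disappears from the code.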
+4 −12
@@ -840,7 +840,6 @@ on post-fs-data
    # Do not place files or directories in /data/local/tmp
    mkdir /data/local/tmp 0771 shell shell
    mkdir /data/local/traces 0777 shell shell
    mkdir /data/data 0771 system system encryption=None
    mkdir /data/app-private 0771 system system encryption=Require
    mkdir /data/app-ephemeral 0771 system system encryption=Require
    mkdir /data/app-asec 0700 root root encryption=Require
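Review bot: with `mkdir /data/data 0771 system system encryption=None` removed, any action in post-fs-data that runs before vold creates the directory and expects /data/data to exist (a restorecon, a mkdir beneath it, a mount using it as source) would now fail; please confirm nothing between this point and the hand-off to vold touches /data/data.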
@@ -915,13 +914,6 @@ on post-fs-data
    mkdir /data/user 0711 system system encryption=None
    mkdir /data/user_de 0711 system system encryption=None

    # Unlink /data/user/0 if we previously symlink it to /data/data
    rm /data/user/0

    # Bind mount /data/user/0 to /data/data
    mkdir /data/user/0 0700 system system encryption=None
    mount none /data/data /data/user/0 bind rec

    # A tmpfs directory, which will contain all apps CE DE data directory that
    # bind mount from the original source.
    mount tmpfs tmpfs /data_mirror nodev noexec nosuid mode=0700,uid=0,gid=1000
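Review bot: the removed `rm /data/user/0` exists for the upgrade case in which /data/user/0 was a symlink to /data/data rather than a directory; moving the mkdir into vold only preserves that path if vold's creation step also unlinks a leftover symlink before creating the directory, otherwise the later bind mount of /data/data onto /data/user/0 is applied to the symlink's target. Please confirm the matching vold change handles this, or state it in the commit message.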
@@ -933,8 +925,10 @@ on post-fs-data
    mkdir /data_mirror/data_ce/null 0700 root root
    mkdir /data_mirror/data_de/null 0700 root root

    # Bind mount CE and DE data directory to mirror's default volume directory
    mount none /data/user /data_mirror/data_ce/null bind rec
    # Bind mount CE and DE data directory to mirror's default volume directory.
    # The 'slave' option (MS_SLAVE) is needed to cause the later bind mount of
    # /data/data onto /data/user/0 to propagate to /data_mirror/data_ce/null/0.
    mount none /data/user /data_mirror/data_ce/null bind rec slave
    mount none /data/user_de /data_mirror/data_de/null bind rec

    # Create mirror directory for jit profiles
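Review bot: the new comment explains why `slave` is needed on the /data/user mirror, but `mount none /data/user_de /data_mirror/data_de/null bind rec` keeps the old flags; a one-line comment saying why user_de needs no propagation (nothing is later bind-mounted onto a subdirectory of /data/user_de) would stop a reader from "fixing" the asymmetry. It is also worth stating the assumption the propagation relies on: the bind clone only joins a peer group, and can therefore only be made a slave of one, when the source mount is shared.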
@@ -967,10 +961,8 @@ on post-fs-data
    wait_for_prop apexd.status activated
    perform_apex_config

    # Special-case /data/media/obb per b/64566063
    mkdir /data/media 0770 media_rw media_rw encryption=None
    exec - media_rw media_rw -- /system/bin/chattr +F /data/media
    mkdir /data/media/obb 0770 media_rw media_rw encryption=Attempt

    # Create directories for boot animation.
    mkdir /data/bootanim 0755 system system encryption=None
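Review bot: removing `mkdir /data/media/obb 0770 media_rw media_rw encryption=Attempt` leaves the `chattr +F /data/media` exec in init; whether the new /data/media/obb inherits the casefold flag depends on vold creating it after this exec has run, so the ordering between this action and vold's creation path should be called out, and the 0770 media_rw:media_rw ownership needs to be reproduced on the vold side.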