diff options
| author | 2020-04-16 17:37:40 +0100 | |
|---|---|---|
| committer | 2020-04-20 23:56:24 +0000 | |
| commit | 3a3d01771b8bdc8a581ecffbaecd660c55c4b398 (patch) | |
| tree | 95e04a77624de9ec78f60de1a8c7c1db3e98c226 | |
| parent | 4ae27323612fc649b74007d78e40385294458f75 (diff) | |
Do not mount the whole Android/data and Android/obb anymore
The package list should not be empty, and we should always bind mount
Android/obb/$PKG and Android/data/$PKG, otherwise apps may able to
access Android/obb and Android/data directly.
Bug: 152018883
Test: atest AdoptableHostTest
Test: atest FuseDaemonHostTest
Change-Id: I47660bb9756bede246ca6b93ca31ebefade0d6f5
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 924dc4b3a051..86c6d2c5cc70 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -1550,22 +1550,15 @@ static void isolateJitProfile(JNIEnv* env, jobjectArray pkg_data_info_list, static void BindMountStorageToLowerFs(const userid_t user_id, const char* dir_name, const char* package, fail_fn_t fail_fn) { - bool hasPackage = (package != nullptr); bool hasSdcardFs = IsFilesystemSupported("sdcardfs"); std::string source; if (hasSdcardFs) { - source = hasPackage ? - StringPrintf("/mnt/runtime/default/emulated/%d/%s/%s", user_id, dir_name, package) : - StringPrintf("/mnt/runtime/default/emulated/%d/%s", user_id, dir_name); + source = StringPrintf("/mnt/runtime/default/emulated/%d/%s/%s", user_id, dir_name, package); } else { - source = hasPackage ? - StringPrintf("/mnt/pass_through/%d/emulated/%d/%s/%s", - user_id, user_id, dir_name, package) : - StringPrintf("/mnt/pass_through/%d/emulated/%d/%s", user_id, user_id, dir_name); + source = StringPrintf("/mnt/pass_through/%d/emulated/%d/%s/%s", + user_id, user_id, dir_name, package); } - std::string target = hasPackage ? - StringPrintf("/storage/emulated/%d/%s/%s", user_id, dir_name, package) : - StringPrintf("/storage/emulated/%d/%s", user_id, dir_name); + std::string target = StringPrintf("/storage/emulated/%d/%s/%s", user_id, dir_name, package); if (access(source.c_str(), F_OK) != 0) { fail_fn(CREATE_ERROR("Error accessing %s: %s", source.c_str(), strerror(errno))); @@ -1589,10 +1582,7 @@ static void BindMountStorageDirs(JNIEnv* env, jobjectArray pkg_data_info_list, int size = (pkg_data_info_list != nullptr) ? env->GetArrayLength(pkg_data_info_list) : 0; if (size == 0) { - // App data isolation is not enabled for this process, so we bind mount to whole obb/ dir. - BindMountStorageToLowerFs(user_id, "Android/obb", /* package */ nullptr, fail_fn); - BindMountStorageToLowerFs(user_id, "Android/data", /* package */ nullptr, fail_fn); - return; + fail_fn(CREATE_ERROR("Data package list cannot be empty")); } // Bind mount each package obb directory |