From 928e1ecfe2ca8deb7421f06c80bb4ae02d27f030 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Thu, 6 Aug 2015 11:40:21 -0700 Subject: Protect runtime storage mount points. We have a bunch of magic that mounts the correct view of storage access based on the runtime permissions of an app, but we forgot to protect the real underlying data sources; oops. This series of changes just bumps the directory heirarchy one level to give us /mnt/runtime which we can mask off as 0700 to prevent people from jumping to the exposed internals. Also add CTS tests to verify that we're protecting access to internal mount points like this. Bug: 22964288 Change-Id: I74dbdcb01d4fabe92166b8043a74c6a1e93c6d5f --- core/jni/com_android_internal_os_Zygote.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index db88962efccc..7a725ae75e90 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -298,11 +298,11 @@ static bool MountEmulatedStorage(uid_t uid, jint mount_mode, String8 storageSource; if (mount_mode == MOUNT_EXTERNAL_DEFAULT) { - storageSource = "/mnt/runtime_default"; + storageSource = "/mnt/runtime/default"; } else if (mount_mode == MOUNT_EXTERNAL_READ) { - storageSource = "/mnt/runtime_read"; + storageSource = "/mnt/runtime/read"; } else if (mount_mode == MOUNT_EXTERNAL_WRITE) { - storageSource = "/mnt/runtime_write"; + storageSource = "/mnt/runtime/write"; } else { // Sane default of no storage visible return true; -- cgit v1.2.3-59-g8ed1b