From b911bc6afc6872e4c9a8d5c7c9c56c1b44644ed2 Mon Sep 17 00:00:00 2001
From: Samiul Islam <samiul@google.com>
Date: Fri, 14 Jan 2022 16:24:48 +0000
Subject: Create supplemental data directories when app data is created

Supplemental data is closely related to app data, as such we want
their creation to happen at the same time. Owner of the these data
will be the supplemental process instead of the app.

The root directory for supplemental data is
/data/misc_{ce,de}/<user-id>/supplemental. This directory will be
created by vold when user is created.

Installd is responsible for creating app level directories under the
root, e.g, /data/misc_ce/0/supplemental/<app-name>. We also need code
level directory under the app direcotory, but that will be done with a
separate API. CreateAppData is responsible for things at app level, so
we will be maintaining the same level of abstraction.

Instlld will also create the shared directory under the app-level
directory, e.g, /data/misc_ce/0/supplemental/<app-name>/shared and
`cache` and `code_cache` directory under the `shared` directory.

Supplemental data should be removed when app data is removed. This
will be done in follow up Cls too.

Some of the public APIs of installd service was not being used by
anybody else, so made them private.

Bug: 211763739
Bug: 217543371
Test: atest installd_service_test:AppSupplementalDataTest
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I966c76b032821610293c53ba875e2800a5ce4804
Merged-In: I966c76b032821610293c53ba875e2800a5ce4804
(cherry picked from commit c40dff533dd842bf6fae21c05eea472be7106ba2)
---
 cmds/installd/InstalldNativeService.cpp | 77 +++++++++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 4 deletions(-)

(limited to 'cmds/installd/InstalldNativeService.cpp')

diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index 4e3aae4312..7c219449d3 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -18,13 +18,9 @@
 
 #define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
 
-#include <algorithm>
 #include <errno.h>
-#include <fstream>
 #include <fts.h>
-#include <functional>
 #include <inttypes.h>
-#include <regex>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -40,6 +36,11 @@
 #include <sys/wait.h>
 #include <sys/xattr.h>
 #include <unistd.h>
+#include <algorithm>
+#include <filesystem>
+#include <fstream>
+#include <functional>
+#include <regex>
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
@@ -720,6 +721,74 @@ binder::Status InstalldNativeService::createAppDataLocked(
             return error("Failed to prepare profiles for " + packageName);
         }
     }
+
+    {
+        auto status = createAppDirectoryForSupplementalData(uuid, packageName, userId, appId,
+                                                            previousAppId, seInfo, flags);
+        if (!status.isOk()) {
+            return status;
+        }
+    }
+
+    return ok();
+}
+
+/**
+ * Responsible for creating /data/user/0/supplemental/<app-name> directory and other
+ * app level sub directories, such as ./shared
+ */
+binder::Status InstalldNativeService::createAppDirectoryForSupplementalData(
+        const std::optional<std::string>& uuid, const std::string& packageName, int32_t userId,
+        int32_t appId, int32_t previousAppId, const std::string& seInfo, int32_t flags) {
+    int32_t supplementalUid = multiuser_get_supplemental_uid(userId, appId);
+    if (supplementalUid == -1) {
+        // There no valid supplemental process for this app. Skip creation of data directory
+        return ok();
+    }
+
+    // TODO(b/211763739): what if uuid is not nullptr or TEST?
+    const char* uuid_ = uuid ? uuid->c_str() : nullptr;
+
+    constexpr int storageFlags[2] = {FLAG_STORAGE_CE, FLAG_STORAGE_DE};
+    for (int i = 0; i < 2; i++) {
+        int currentFlag = storageFlags[i];
+        if ((flags & currentFlag) == 0) {
+            continue;
+        }
+        bool isCeData = (currentFlag == FLAG_STORAGE_CE);
+
+        // /data/misc_{ce,de}/<user-id>/supplemental directory gets created by vold
+        // during user creation
+
+        // Prepare the app directory
+        auto appPath = create_data_misc_supplemental_package_path(uuid_, isCeData, userId,
+                                                                  packageName.c_str());
+        if (prepare_app_dir(appPath, 0751, AID_SYSTEM)) {
+            return error("Failed to prepare " + appPath);
+        }
+
+        // Now prepare the shared directory which will be accessible by all codes
+        auto sharedPath = create_data_misc_supplemental_shared_path(uuid_, isCeData, userId,
+                                                                    packageName.c_str());
+
+        int32_t previousSupplementalUid = multiuser_get_supplemental_uid(userId, previousAppId);
+        int32_t cacheGid = multiuser_get_cache_gid(userId, appId);
+        if (cacheGid == -1) {
+            return exception(binder::Status::EX_ILLEGAL_STATE,
+                             StringPrintf("cacheGid cannot be -1 for supplemental data"));
+        }
+        auto status = createAppDataDirs(sharedPath, supplementalUid, &previousSupplementalUid,
+                                        cacheGid, seInfo, 0700);
+        if (!status.isOk()) {
+            return status;
+        }
+
+        // TODO(b/211763739): We also need to handle art profile creations
+
+        // TODO(b/211763739): And return the CE inode of the supplemental root directory and
+        // app directory under it so we can clear contents while CE storage is locked
+    }
+
     return ok();
 }
 
-- 
cgit v1.2.3-59-g8ed1b