commit 40ab6742a7b8f96abc0fb9407df473fd310a3513
author Sudheer Shanka <sudheersai@google.com> Tue Sep 18 13:07:45 2018 -0700
committer Sudheer Shanka <sudheersai@google.com> Thu Sep 27 15:50:26 2018 -0700
tree e7565ffda5a24aa9f0db683e6ee48fb5445c9069
parent 144e7cc25ac094be4374b8eadca2b10b3ab48f2d

Bind mount pkg specific dirs in the zygote child namespaces.

- Also update vold to create sandboxes for secondary storage devices.
- Since bind mounts are created in the process specific namespaces, we
  don't need /mnt/storage anymore which we were using it to prevent
  some bind mounts from propagating onto /mnt/runtime/write.
- Create bind mounts for {media,obb} dirs similar to data dir in
  per process namespace.
- Also fix a bug where we are not passing correct packages to vold when
  a new user starts.

Bug: 111890351
Test: manual
Change-Id: I7849efc4fbf3c654606fa30de7ab2de0236d766f

model/PublicVolume.cpp

diff --git a/model/PublicVolume.cpp b/model/PublicVolume.cpp
index 3646290..77a156c 100644
--- a/model/PublicVolume.cpp
+++ b/model/PublicVolume.cpp
@@ -21,6 +21,7 @@
 #include "fs/Vfat.h"
 
 #include <android-base/logging.h>
+#include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <cutils/fs.h>
 #include <private/android_filesystem_config.h>
@@ -34,6 +35,7 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
+using android::base::GetBoolProperty;
 using android::base::StringPrintf;
 
 namespace android {
@@ -43,6 +45,8 @@
 
 static const char* kAsecPath = "/mnt/secure/asec";
 
+static const char* kIsolatedStorage = "persist.sys.isolated_storage";
+
 PublicVolume::PublicVolume(dev_t device) : VolumeBase(Type::kPublic), mDevice(device), mFusePid(0) {
     setId(StringPrintf("public:%u,%u", major(device), minor(device)));
     mDevPath = StringPrintf("/dev/block/vold/%s", getId().c_str());
@@ -179,16 +183,36 @@
                 PLOG(ERROR) << "Failed to exec";
             }
         } else {
+            // In Pre-Q, apps have full read access to secondary storage devices but only
+            // write access for their package specific directories. In Q, they only have access
+            // to their own sandboxes and they can write anywhere inside the sandbox. Instead of
+            // updating sdcardfs to allow packages writing into their own sandboxes, we could
+            // just allow them to write anywhere by passing "-w".
             // clang-format off
-            if (execl(kFusePath, kFusePath,
-                    "-u", "1023", // AID_MEDIA_RW
-                    "-g", "1023", // AID_MEDIA_RW
-                    "-U", std::to_string(getMountUserId()).c_str(),
-                    mRawPath.c_str(),
-                    stableName.c_str(),
-                    NULL)) {
-                // clang-format on
-                PLOG(ERROR) << "Failed to exec";
+            if (GetBoolProperty(kIsolatedStorage, false)) {
+                if (execl(kFusePath, kFusePath,
+                        "-u", "1023", // AID_MEDIA_RW
+                        "-g", "1023", // AID_MEDIA_RW
+                        "-U", std::to_string(getMountUserId()).c_str(),
+                        "-w",
+                        mRawPath.c_str(),
+                        stableName.c_str(),
+                        NULL)) {
+                    // clang-format on
+                    PLOG(ERROR) << "Failed to exec";
+                }
+            } else {
+                // clang-format off
+                if (execl(kFusePath, kFusePath,
+                        "-u", "1023", // AID_MEDIA_RW
+                        "-g", "1023", // AID_MEDIA_RW
+                        "-U", std::to_string(getMountUserId()).c_str(),
+                        mRawPath.c_str(),
+                        stableName.c_str(),
+                        NULL)) {
+                    // clang-format on
+                    PLOG(ERROR) << "Failed to exec";
+                }
             }
         }