init: "init subcontext" in default mount namespace

"init subcontext" is responsible for handling a few commands in vendor
context. To support Vendor APEX, "init subcontext" is now started in
"default" mount namespace so that those commands can access /apex/*.
For example, insmod should see the contents of /apex to install kernel
modules in apexes.

Bug: 162701747
Test: adb shell ps -ef | grep init
  => check pid of <init subcontext>
  adb shell readlink /proc/<pid: init>/ns/mnt
  adb shell readlink /proc/<pid: init subcontext>/ns/mnt
  => check if these are equal
Change-Id: Icd5e862e52d78635e83824b267b6d32d8f3e9eea
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 9d4ea8c..dc2455e 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -30,6 +30,7 @@
#include "action.h"
#include "builtins.h"
+#include "mount_namespace.h"
#include "proto_utils.h"
#include "util.h"
@@ -217,7 +218,13 @@
PLOG(FATAL) << "Could not set execcon for '" << context_ << "'";
}
}
-
+#if defined(__ANDROID__)
+ // subcontext init runs in "default" mount namespace
+ // so that it can access /apex/*
+ if (auto result = SwitchToMountNamespaceIfNeeded(NS_DEFAULT); !result.ok()) {
+ LOG(FATAL) << "Could not switch to \"default\" mount namespace: " << result.error();
+ }
+#endif
auto init_path = GetExecutablePath();
auto child_fd_string = std::to_string(child_fd);
const char* args[] = {init_path.c_str(), "subcontext", context_.c_str(),
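Review bot: the comment on the new SwitchToMountNamespaceIfNeeded(NS_DEFAULT) call states only the motive (access to /apex/*) and not the consequence: every command the vendor subcontext executes will now see the "default" mount namespace, not only the insmod-style commands that need /apex. Please say that in the comment, together with which mount namespace this path was in before the change, so a later reader can judge whether the wider view for vendor-context commands is intended. Two smaller points in the same block: the failure path is LOG(FATAL), which matches the PLOG(FATAL) for the execcon failure just above, but a short note on why aborting is preferred over starting the subcontext without /apex would help; and the hunk removes the blank line after the closing brace, so the #if block now abuts it, which is worth keeping as a separator.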