Vold will always bind mount obb and data dirs to lowerfs
So shell / root will always access to them directly not via fuse.
And zygote will be unmount these directories to prevent them being
abused for leaking app visibility.
Also, /mnt/androidwritable is not very useful now as it's the same as
/mnt/installer, but we should make shell / root to access /mnt/androidwritable
later and /mnt/installer should only access obb but not data dir.
Bug: 182997439
Test: Able to boot without errors
Test: df on /sdcard/Android/data shows it's no on fuse.
Change-Id: I2ad10b1e80c135f637d37ddf502ee010f89f4946
diff --git a/model/EmulatedVolume.cpp b/model/EmulatedVolume.cpp
index db93bc2..2555a86 100644
--- a/model/EmulatedVolume.cpp
+++ b/model/EmulatedVolume.cpp
@@ -116,24 +116,22 @@
}
status_t status = OK;
- // When app data isolation is enabled, obb/ will be mounted per app, otherwise we should
- // bind mount the whole Android/ to speed up reading.
- if (!mAppDataIsolationEnabled) {
- std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
- std::string androidDataTarget(
- StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
- status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
- if (status != OK) {
- return status;
- }
+ // Zygote will unmount these dirs if app data isolation is enabled, so apps
+ // cannot access these dirs directly.
+ std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
+ std::string androidDataTarget(
+ StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
+ status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
+ if (status != OK) {
+ return status;
+ }
- std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
- std::string androidObbTarget(
- StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
- status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
- if (status != OK) {
- return status;
- }
+ std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
+ std::string androidObbTarget(
+ StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
+ status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
+ if (status != OK) {
+ return status;
}
// Installers get the same view as all other apps, with the sole exception that the
@@ -150,44 +148,8 @@
if (status != OK) {
return status;
}
- } else if (mAppDataIsolationEnabled) {
- std::string obbSource(StringPrintf("%s/obb", androidSource.c_str()));
- std::string obbInstallerTarget(StringPrintf("/mnt/installer/%d/%s/%d/Android/obb",
- userId, label.c_str(), userId));
-
- status = doFuseBindMount(obbSource, obbInstallerTarget, pathsToUnmount);
- if (status != OK) {
- return status;
- }
}
- // /mnt/androidwriteable is similar to /mnt/installer, but it's for
- // MOUNT_EXTERNAL_ANDROID_WRITABLE apps and it can also access DATA (Android/data) dirs.
- if (mAppDataIsolationEnabled) {
- std::string obbSource = mUseSdcardFs ?
- StringPrintf("/mnt/runtime/write/%s/%d/Android/obb", label.c_str(), userId)
- : StringPrintf("%s/obb", androidSource.c_str());
-
- std::string obbAndroidWritableTarget(
- StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/obb",
- userId, label.c_str(), userId));
-
- status = doFuseBindMount(obbSource, obbAndroidWritableTarget, pathsToUnmount);
- if (status != OK) {
- return status;
- }
-
- std::string dataSource = mUseSdcardFs ?
- StringPrintf("/mnt/runtime/write/%s/%d/Android/data", label.c_str(), userId)
- : StringPrintf("%s/data", androidSource.c_str());
- std::string dataTarget(StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/data",
- userId, label.c_str(), userId));
-
- status = doFuseBindMount(dataSource, dataTarget, pathsToUnmount);
- if (status != OK) {
- return status;
- }
- }
unmount_guard.Disable();
return OK;
}