Create sandboxes for newly installed apps.
Bug: 111890351
Test: manual
Change-Id: I1b7f5bd25e04f9f4a61d0d4f64bbbb0ca6157fa5
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 8445cd8..999df94 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -251,6 +251,20 @@
} \
}
+#define CHECK_ARGUMENT_PACKAGE_NAME(packageName) { \
+ binder::Status status = checkArgumentPackageName((packageName)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
+#define CHECK_ARGUMENT_SANDBOX_ID(sandboxId) { \
+ binder::Status status = checkArgumentSandboxId((sandboxId)); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
+}
+
#define ACQUIRE_LOCK \
std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
ATRACE_CALL();
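Review bot: The two new macros delegate to `checkArgumentPackageName` and `checkArgumentSandboxId`, whose definitions are not part of this diff, so the validation that guards the new binder call cannot be reviewed from here. Both strings appear to become path components under the sandbox root (inferred from the `Android/sandbox/` handling in `mountSandboxesForPrimaryVol`), so each validator should reject empty values, `/`, and `.`/`..` components. A comment above the macros would pin that contract, e.g. `// Rejects empty names and names containing path separators or dot components.` The macros also expand to a block containing `return status;`, so they are usable only inside functions that return `binder::Status`; that is worth stating in the same comment.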
@@ -856,5 +870,16 @@
return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
}
+binder::Status VoldNativeService::mountExternalStorageForApp(const std::string& packageName,
+ int32_t appId, const std::string& sandboxId, int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ CHECK_ARGUMENT_PACKAGE_NAME(packageName);
+ CHECK_ARGUMENT_SANDBOX_ID(sandboxId);
+ ACQUIRE_LOCK;
+
+ return translate(VolumeManager::Instance()->mountExternalStorageForApp(
+ packageName, appId, sandboxId, userId));
+}
+
} // namespace vold
} // namespace android
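Review bot: `appId` and `userId` are passed to `VolumeManager::mountExternalStorageForApp` without any range check, while the strings next to them are validated. The callee declares them as `appid_t` and `userid_t`, which are typically unsigned, so a negative `int32_t` would be converted silently and then used as a map key and in a path. `ENFORCE_UID(AID_SYSTEM)` limits who can send such values, so this is defence in depth. A guard before `ACQUIRE_LOCK` would keep malformed ids out of the bookkeeping: `if (appId < 0 || userId < 0) return binder::Status::fromExceptionCode(binder::Status::EX_ILLEGAL_ARGUMENT);`.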
diff --git a/VoldNativeService.h b/VoldNativeService.h
index e446185..d5de707 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -118,6 +118,9 @@
int32_t userId, int32_t userSerial, int32_t flags);
binder::Status destroyUserStorage(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t flags);
+
+ binder::Status mountExternalStorageForApp(const std::string& packageName, int32_t appId,
+ const std::string& sandboxId, int32_t userId);
};
} // namespace vold
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 5e012c7..260c2f0 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -375,22 +375,12 @@
mMntStorageCreated = true;
}
- std::string source(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str()));
- bool isPrimaryEmulated =
- (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
- if (isPrimaryEmulated) {
- StringAppendF(&source, "/%d", userId);
- if (fs_prepare_dir(source.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
- PLOG(ERROR) << "fs_prepare_dir failed on " << source;
- return -errno;
- }
- }
- if (mountSandboxesForPrimaryVol(source, userId, packageNames, isPrimaryEmulated) != 0) {
+ if (mountSandboxesForPrimaryVol(userId, packageNames) != 0) {
return -errno;
}
// Keep /sdcard working for shell process
std::string primarySource(mPrimary->getPath());
- if (isPrimaryEmulated) {
+ if (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated) {
StringAppendF(&primarySource, "/%d", userId);
}
std::string target(StringPrintf("/mnt/user/%d/primary", userId));
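Review bot: The call site `if (mountSandboxesForPrimaryVol(userId, packageNames) != 0) { return -errno; }` discards the callee's result and re-reads `errno`, which after this change also has to stand in for the `fs_prepare_dir` failure that moved into the callee. If `errno` has been overwritten or is zero by the time it is read here, a failed sandbox mount is reported to the caller as success. Propagating the returned value keeps the failure visible: `int res = mountSandboxesForPrimaryVol(userId, packageNames);` followed by `if (res != 0) return res;`. The enclosing function starts and ends outside this hunk, so other error paths in it were not checked.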
@@ -425,8 +415,18 @@
return 0;
}
-int VolumeManager::mountSandboxesForPrimaryVol(const std::string& primaryRoot, userid_t userId,
- const std::vector<std::string>& packageNames, bool isPrimaryEmulated) {
+int VolumeManager::mountSandboxesForPrimaryVol(userid_t userId,
+ const std::vector<std::string>& packageNames) {
+ std::string primaryRoot(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str()));
+ bool isPrimaryEmulated =
+ (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
+ if (isPrimaryEmulated) {
+ StringAppendF(&primaryRoot, "/%d", userId);
+ if (fs_prepare_dir(primaryRoot.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
+ PLOG(ERROR) << "fs_prepare_dir failed on " << primaryRoot;
+ return -errno;
+ }
+ }
std::string sandboxRoot = prepareSubDirs(primaryRoot, "Android/sandbox/",
0700, AID_ROOT, AID_ROOT);
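Review bot: `mountSandboxesForPrimaryVol` now dereferences `mPrimary` itself (`mPrimary->getLabel()`, `mPrimary->getType()`) instead of receiving a prepared root, so it relies on every caller having checked the pointer first. The new `mountExternalStorageForApp` does test `if (mPrimary)`, but the other call site is only partly visible in this diff. A precondition comment on the declaration, such as `// Requires mPrimary to be non-null.`, or an explicit early check at the top of the function would make the contract reviewable. The function body continues past the end of the hunk.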
@@ -637,6 +637,24 @@
return 0;
}
+int VolumeManager::mountExternalStorageForApp(const std::string& packageName, appid_t appId,
+ const std::string& sandboxId, userid_t userId) {
+ if (!GetBoolProperty(kIsolatedStorage, false)) {
+ return 0;
+ } else if (mStartedUsers.find(userId) == mStartedUsers.end()) {
+ // User not started, no need to do anything now. Required bind mounts for the package will
+ // be created when the user starts.
+ return 0;
+ }
+ mUserPackages[userId].push_back(packageName);
+ mAppIds[packageName] = appId;
+ mSandboxIds[appId] = sandboxId;
+ if (mPrimary) {
+ return mountSandboxesForPrimaryVol(userId, {packageName});
+ }
+ return 0;
+}
+
int VolumeManager::onSecureKeyguardStateChanged(bool isShowing) {
mSecureKeyguardShowing = isShowing;
if (!mSecureKeyguardShowing) {
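Review bot: `mUserPackages[userId].push_back(packageName)` appends unconditionally, so a second call for the same package and user leaves a duplicate entry, and all three maps are updated even when the mount that follows fails. Guarding the append keeps the per-user list unique: `auto& pkgs = mUserPackages[userId];` then `if (std::find(pkgs.begin(), pkgs.end(), packageName) == pkgs.end()) pkgs.push_back(packageName);`. Separately, the early return for a user that is not started records nothing, so the comment's promise that the bind mounts "will be created when the user starts" holds only if the package list supplied at user start already contains this package. The comment should name that dependency so a later change to the user-start path does not silently drop sandboxes for apps installed while the user was stopped.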
diff --git a/VolumeManager.h b/VolumeManager.h
index 52203c5..38355fc 100644
--- a/VolumeManager.h
+++ b/VolumeManager.h
@@ -97,6 +97,8 @@
int addAppIds(const std::vector<std::string>& packageNames, const std::vector<int32_t>& appIds);
int addSandboxIds(const std::vector<int32_t>& appIds,
const std::vector<std::string>& sandboxIds);
+ int mountExternalStorageForApp(const std::string& packageName, appid_t appId,
+ const std::string& sandboxId, userid_t userId);
int onSecureKeyguardStateChanged(bool isShowing);
@@ -146,8 +148,8 @@
const std::string& dataRootDir);
std::string preparePkgDataTarget(const std::string& packageName, uid_t uid,
const std::string& pkgSandboxDir);
- int mountSandboxesForPrimaryVol(const std::string& primaryRoot, userid_t userId,
- const std::vector<std::string>& packageNames, bool isPrimaryEmulated);
+ int mountSandboxesForPrimaryVol(userid_t userId,
+ const std::vector<std::string>& packageNames);
std::string prepareSubDirs(const std::string& pathPrefix, const std::string& subDirs,
mode_t mode, uid_t uid, gid_t gid);
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index cc0b32d..cff1baa 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -96,6 +96,9 @@
void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial, int storageFlags);
void destroyUserStorage(@nullable @utf8InCpp String uuid, int userId, int storageFlags);
+ void mountExternalStorageForApp(in @utf8InCpp String packageName,
+ int appId, in @utf8InCpp String sandboxId, int userId);
+
const int ENCRYPTION_FLAG_NO_UI = 4;
const int ENCRYPTION_STATE_NONE = 1;