Create sandboxes for newly installed apps.
Bug: 111890351
Test: manual
Change-Id: I1b7f5bd25e04f9f4a61d0d4f64bbbb0ca6157fa5
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index 5e012c7..260c2f0 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -375,22 +375,12 @@
mMntStorageCreated = true;
}
- std::string source(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str()));
- bool isPrimaryEmulated =
- (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
- if (isPrimaryEmulated) {
- StringAppendF(&source, "/%d", userId);
- if (fs_prepare_dir(source.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
- PLOG(ERROR) << "fs_prepare_dir failed on " << source;
- return -errno;
- }
- }
- if (mountSandboxesForPrimaryVol(source, userId, packageNames, isPrimaryEmulated) != 0) {
+ if (mountSandboxesForPrimaryVol(userId, packageNames) != 0) {
return -errno;
}
// Keep /sdcard working for shell process
std::string primarySource(mPrimary->getPath());
- if (isPrimaryEmulated) {
+ if (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated) {
StringAppendF(&primarySource, "/%d", userId);
}
std::string target(StringPrintf("/mnt/user/%d/primary", userId));
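Review bot: The failure path `if (mountSandboxesForPrimaryVol(userId, packageNames) != 0) { return -errno; }` discards the callee's return value and re-reads errno. By then errno may have been overwritten or may be 0, so a failed sandbox mount could be reported with the wrong code or even as success. The part of the callee visible in the next hunk already returns `-errno` at the point of failure, so propagating it looks safer: `int ret = mountSandboxesForPrimaryVol(userId, packageNames);` followed by `if (ret != 0) return ret;`. The enclosing function starts and ends outside this hunk, so its other return paths are not visible here.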
@@ -425,8 +415,18 @@
return 0;
}
-int VolumeManager::mountSandboxesForPrimaryVol(const std::string& primaryRoot, userid_t userId,
- const std::vector<std::string>& packageNames, bool isPrimaryEmulated) {
+int VolumeManager::mountSandboxesForPrimaryVol(userid_t userId,
+ const std::vector<std::string>& packageNames) {
+ std::string primaryRoot(StringPrintf("/mnt/storage/%s", mPrimary->getLabel().c_str()));
+ bool isPrimaryEmulated =
+ (mPrimary->getType() == android::vold::VolumeBase::Type::kEmulated);
+ if (isPrimaryEmulated) {
+ StringAppendF(&primaryRoot, "/%d", userId);
+ if (fs_prepare_dir(primaryRoot.c_str(), 0755, AID_ROOT, AID_ROOT) != 0) {
+ PLOG(ERROR) << "fs_prepare_dir failed on " << primaryRoot;
+ return -errno;
+ }
+ }
std::string sandboxRoot = prepareSubDirs(primaryRoot, "Android/sandbox/",
0700, AID_ROOT, AID_ROOT);
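Review bot: mountSandboxesForPrimaryVol now dereferences `mPrimary` itself (`mPrimary->getLabel()`, `mPrimary->getType()`) without a null check, so it is only safe if every caller has checked first. The new caller mountExternalStorageForApp does test `if (mPrimary)`, but whether the call site in the first hunk is guarded is not visible in this diff. An early guard such as `if (!mPrimary) return 0;` at the top, or at least a comment stating the precondition, would keep a missing primary volume from crashing the daemon. The function body continues past the end of this hunk.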
@@ -637,6 +637,24 @@
return 0;
}
+int VolumeManager::mountExternalStorageForApp(const std::string& packageName, appid_t appId,
+ const std::string& sandboxId, userid_t userId) {
+ if (!GetBoolProperty(kIsolatedStorage, false)) {
+ return 0;
+ } else if (mStartedUsers.find(userId) == mStartedUsers.end()) {
+ // User not started, no need to do anything now. Required bind mounts for the package will
+ // be created when the user starts.
+ return 0;
+ }
+ mUserPackages[userId].push_back(packageName);
+ mAppIds[packageName] = appId;
+ mSandboxIds[appId] = sandboxId;
+ if (mPrimary) {
+ return mountSandboxesForPrimaryVol(userId, {packageName});
+ }
+ return 0;
+}
+
int VolumeManager::onSecureKeyguardStateChanged(bool isShowing) {
mSecureKeyguardShowing = isShowing;
if (!mSecureKeyguardShowing) {
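Review bot: In mountExternalStorageForApp, `packageName` and `sandboxId` are stored in `mUserPackages`, `mAppIds` and `mSandboxIds` and passed to mountSandboxesForPrimaryVol with no validation visible in this function. They presumably end up as path components under `Android/sandbox/`, so values containing `/` or `..` need to be rejected before they reach this point. If the binder entry point already enforces that, a comment here would record the assumption, e.g. `// packageName and sandboxId are validated by the caller; they are used as path components`. Separately, the maps are updated before the mount and `push_back` is unconditional, so a failed mount or a repeated call for the same package leaves a stale or duplicate entry in `mUserPackages[userId]`. Checking for an existing entry before appending would avoid that.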