Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 4482ab53d17140dfeb756ff595b66fb641f1addf
commit4482ab53d17140dfeb756ff595b66fb641f1addf[log] [tgz]
authorRicky Wai <rickywai@google.com>Tue Dec 10 19:08:18 2019 +0000
committerRicky Wai <rickywai@google.com>Tue Dec 17 16:11:09 2019 +0000
tree3de74646e88f0275ab743bcb2602a62769bff117
parent5a8fe7a028a601c6f11640a4b96bfdf923f95512 [diff]
App data directory isolation

- During Zygote fork (before setuid), Zygote will create a tmpfs overlay
(mount namespace) on its DE and CE directories, so app process cannot
access the actual DE CE directory anymore.

- In the overlay tmpfs directory, zygote will create its app and
whitelisted app data directories.

- Bind mount (namespace) the mirror data directory to the directories in
tmpfs overlay.

- When CE storage is ready, ask installd to prepare CE storage's data mirror.

Bug: 143937733
Test: Test app shows it cannot access other apps data directory anymore
Test: Test app shows it can access whitelisted app / same uid app data
directory.
Change-Id: I64e06c1ffd962a7134a176aad33c06b5f661f7cd
3 files changed
tree: 3de74646e88f0275ab743bcb2602a62769bff117
  1. apct-tests/
  2. apex/
  3. api/
  4. cmds/
  5. config/
  6. core/
  7. data/
  8. docs/
  9. drm/
  10. graphics/
  11. keystore/
  12. libs/
  13. location/
  14. lowpan/
  15. media/
  16. mime/
  17. mms/
  18. native/
  19. nfc-extras/
  20. obex/
  21. opengl/
  22. packages/
  23. proto/
  24. rs/
  25. samples/
  26. sax/
  27. services/
  28. startop/
  29. telecomm/
  30. telephony/
  31. test-base/
  32. test-legacy/
  33. test-mock/
  34. test-runner/
  35. tests/
  36. tools/
  37. wifi/
  38. .clang-format
  39. .gitignore
  40. .mailmap
  41. Android.bp
  42. Android.mk
  43. CleanSpec.mk
  44. jarjar_rules_hidl.txt
  45. MODULE_LICENSE_APACHE2
  46. NOTICE
  47. pathmap.mk
  48. PREUPLOAD.cfg
  49. TEST_MAPPING