In MountEmulatedStorage() don't create a mount namespace unless actually mounting.
When the zygote starts, it creates its own mount namespace in
nativeUnmountStorageOnInit(). When the zygote forks a new process, unless the
new process actually has permission to access emulated storage (and thus it
needs to be mounted), there is no reason to create another new mount namespace
in the child.
This supports the WebView zygote, which does not have CAP_SYS_ADMIN to perform
mount operations. But since it only forks isolated_app processes, which do not
have access to storage, it does not need to handle mounting.
Test: m checkbuild
Test: angler boots
Bug: 21643067
Change-Id: Ieb75cc3009ed26b7366213409d5fad836f597084
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 5202a98..3e111c0 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -297,12 +297,6 @@
bool force_mount_namespace) {
// See storage config details at http://source.android.com/tech/storage/
- // Create a second private mount namespace for our process
- if (unshare(CLONE_NEWNS) == -1) {
- ALOGW("Failed to unshare(): %s", strerror(errno));
- return false;
- }
-
String8 storageSource;
if (mount_mode == MOUNT_EXTERNAL_DEFAULT) {
storageSource = "/mnt/runtime/default";
@@ -314,6 +308,13 @@
// Sane default of no storage visible
return true;
}
+
+ // Create a second private mount namespace for our process
+ if (unshare(CLONE_NEWNS) == -1) {
+ ALOGW("Failed to unshare(): %s", strerror(errno));
+ return false;
+ }
+
if (TEMP_FAILURE_RETRY(mount(storageSource.string(), "/storage",
NULL, MS_BIND | MS_REC | MS_SLAVE, NULL)) == -1) {
ALOGW("Failed to mount %s to /storage: %s", storageSource.string(), strerror(errno));