Merge "Allow sandboxed apps to access only package specific dirs." into qt-dev
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index e2214d1..3d3203e 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -875,8 +875,12 @@
     storage_source = "/mnt/runtime/default";
   } else if (mount_mode == MOUNT_EXTERNAL_READ) {
     storage_source = "/mnt/runtime/read";
-  } else if (mount_mode == MOUNT_EXTERNAL_WRITE) {
+  } else if (mount_mode == MOUNT_EXTERNAL_WRITE
+      || mount_mode == MOUNT_EXTERNAL_LEGACY
+      || mount_mode == MOUNT_EXTERNAL_INSTALLER) {
     storage_source = "/mnt/runtime/write";
+  } else if (mount_mode == MOUNT_EXTERNAL_FULL) {
+    storage_source = "/mnt/runtime/full";
   } else if (mount_mode == MOUNT_EXTERNAL_NONE && !force_mount_namespace) {
     // Sane default of no storage visible
     return;
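Review bot: The widened condition gives MOUNT_EXTERNAL_LEGACY and MOUNT_EXTERNAL_INSTALLER the same `/mnt/runtime/write` source as MOUNT_EXTERNAL_WRITE, and no comment says why these modes are meant to share one view. The FULL and LEGACY mapping also appears a second time in the disabled block further down the file (`storage_source = (mount_mode == MOUNT_EXTERNAL_FULL) ? ...`), so two copies have to be kept in agreement. I would add a comment above the condition such as `// LEGACY and INSTALLER share the write view while isolated storage is off`, and drop or cross-reference the duplicate. How a mount_mode that matches none of these branches is handled lies outside the hunk.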
@@ -892,7 +896,8 @@
     return;
   }
 
-  if (GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) {
+  if (/* DISABLES CODE */ (false)
+      && GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) {
     if (mount_mode == MOUNT_EXTERNAL_FULL || mount_mode == MOUNT_EXTERNAL_LEGACY) {
       storage_source = (mount_mode == MOUNT_EXTERNAL_FULL)
           ? "/mnt/runtime/full" : "/mnt/runtime/write";
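Review bot: The `/* DISABLES CODE */ (false) &&` guard hard-codes the isolated-storage branch off, so kIsolatedStorageSnapshot and kIsolatedStorage are never read here and changing those properties no longer affects how zygote sets up the mount. The same kind of constant guard appears as `if (true) return path;` in translateInternal in StorageManagerService.java. Neither site records why the code is disabled or when it should come back. I would add a comment such as `// TODO(<tracking bug>): isolated storage mounts disabled; sysprops are ignored until re-enabled`, or delete the dead branch outright. The body of this `if` continues past the end of the hunk.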
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index 053e686..6c57b65 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -1683,6 +1683,7 @@
                 ServiceManager.getService(Context.APP_OPS_SERVICE));
         try {
             mIAppOpsService.startWatchingMode(OP_REQUEST_INSTALL_PACKAGES, null, mAppOpsCallback);
+            mIAppOpsService.startWatchingMode(OP_LEGACY_STORAGE, null, mAppOpsCallback);
         } catch (RemoteException e) {
         }
     }
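Review bot: The added `startWatchingMode(OP_LEGACY_STORAGE, null, mAppOpsCallback)` call sits in a `try` whose `catch (RemoteException e)` is empty, so a failed registration is silent and a throw from the first call skips the new one entirely. If the watcher is not registered, changes to the legacy-storage op would presumably never reach mAppOpsCallback, and a process could keep a storage view that no longer matches its op state. I would at least log the failure, e.g. `Slog.w(TAG, "Failed to watch app-op modes", e);` (assuming the file's usual TAG constant), or state in a comment why it is safe to ignore. The enclosing method starts outside the hunk.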
@@ -3335,7 +3336,7 @@
     }
 
     private String translateInternal(String path, int pid, int uid, boolean toSystem) {
-        if (!ENABLE_ISOLATED_STORAGE) return path;
+        if (true) return path;
 
         if (path.contains("/../")) {
             throw new SecurityException("Shady looking path " + path);
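Review bot: With `if (true) return path;` the `path.contains("/../")` check below it can never run, so translateInternal now hands back caller-supplied paths unchanged and the SecurityException that rejected traversal segments when the flag was enabled is gone. If any caller relied on that rejection (not visible here), the check should sit above the early return. Otherwise the new contract should be stated, e.g. `// Translation disabled: path is returned as-is and is not validated here`. javac will not flag the dead code, because `if (true)` is exempt from unreachable-statement analysis. The method body continues outside the hunk.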
@@ -3761,7 +3762,7 @@
             if (hasLegacy && hasStorage) {
                 return Zygote.MOUNT_EXTERNAL_LEGACY;
             } else {
-                return Zygote.MOUNT_EXTERNAL_WRITE;
+                return Zygote.MOUNT_EXTERNAL_DEFAULT;
             }
         } catch (RemoteException e) {
             // Should not happen
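Review bot: The `else` branch now returns `Zygote.MOUNT_EXTERNAL_DEFAULT` for every app that fails `hasLegacy && hasStorage`, which includes an app for which only one of the two is true, and nothing in the code says that this is intended. A one-line comment would make the policy reviewable, e.g. `// Without both the legacy op and storage permission the app gets the default view`. The value returned after `catch (RemoteException e)` is outside the hunk; it is worth confirming that this path falls back to the most restrictive mode rather than a writable one. The enclosing method starts and ends outside the hunk.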