am b9f438ff: Protect runtime storage mount points.
* commit 'b9f438ff841f87c8ffbca85b13a533718a18e15f':
Protect runtime storage mount points.
diff --git a/rootdir/init.rc b/rootdir/init.rc
index a4e31a9..de143b7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -69,16 +69,17 @@
# Storage views to support runtime permissions
mkdir /storage 0755 root root
- mkdir /mnt/runtime_default 0755 root root
- mkdir /mnt/runtime_default/self 0755 root root
- mkdir /mnt/runtime_read 0755 root root
- mkdir /mnt/runtime_read/self 0755 root root
- mkdir /mnt/runtime_write 0755 root root
- mkdir /mnt/runtime_write/self 0755 root root
+ mkdir /mnt/runtime 0700 root root
+ mkdir /mnt/runtime/default 0755 root root
+ mkdir /mnt/runtime/default/self 0755 root root
+ mkdir /mnt/runtime/read 0755 root root
+ mkdir /mnt/runtime/read/self 0755 root root
+ mkdir /mnt/runtime/write 0755 root root
+ mkdir /mnt/runtime/write/self 0755 root root
# Symlink to keep legacy apps working in multi-user world
symlink /storage/self/primary /sdcard
- symlink /mnt/user/0/primary /mnt/runtime_default/self/primary
+ symlink /mnt/user/0/primary /mnt/runtime/default/self/primary
# memory control cgroup
mkdir /dev/memcg 0700 root system
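Review bot: The new `mkdir /mnt/runtime 0700 root root` line has no comment saying that it is the access boundary, while the `default`, `read` and `write` directories under it stay 0755. Going by the commit title, the intent appears to be that a non-root process cannot traverse into any view by path and only sees the one bind-mounted into its namespace. A later edit that loosens the parent mode would silently undo that. I would add a comment above the line, for example `# 0700 root: views below are reachable only via bind mounts, not by path; do not relax`. The same `/mnt/runtime/...` prefix is hard-coded again in the later `mount` hunk and in sdcard.c, so the comment could also note that the three places must change together.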
@@ -230,7 +231,7 @@
# Mount shared so changes propagate into child namespaces
mount rootfs rootfs / shared rec
# Mount default storage into root namespace
- mount none /mnt/runtime_default /storage slave bind rec
+ mount none /mnt/runtime/default /storage slave bind rec
# We chown/chmod /cache again so because mount is run as root + defaults
chown system cache /cache
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index 41bf045..a79e2dd 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -1735,7 +1735,7 @@
" -g: specify GID to run as\n"
" -U: specify user ID that owns device\n"
" -m: source_path is multi-user\n"
- " -w: runtime_write mount has full write access\n"
+ " -w: runtime write mount has full write access\n"
"\n");
return 1;
}
@@ -1822,9 +1822,9 @@
global.fuse_read = &fuse_read;
global.fuse_write = &fuse_write;
- snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime_default/%s", label);
- snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime_read/%s", label);
- snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime_write/%s", label);
+ snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);
+ snprintf(fuse_read.dest_path, PATH_MAX, "/mnt/runtime/read/%s", label);
+ snprintf(fuse_write.dest_path, PATH_MAX, "/mnt/runtime/write/%s", label);
handler_default.fuse = &fuse_default;
handler_read.fuse = &fuse_read;
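Review bot: The three rewritten `snprintf` calls still ignore their return value, so a `label` that is too long leaves a silently truncated `dest_path`, and the mount would then target a different directory than intended. Now that these paths sit under the root-only `/mnt/runtime`, I would also reject a `label` containing `/` so the destination cannot resolve outside the view directory. Where `label` comes from is not visible in this hunk, so this assumes it is taken from the command line. For each call, something like `int n = snprintf(fuse_default.dest_path, PATH_MAX, "/mnt/runtime/default/%s", label);` followed by `if (n < 0 || n >= PATH_MAX) { /* fail setup */ }` would do, using whatever error path the enclosing function already has. That function starts and ends outside the hunk.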