vold: Stage the mounting of media to hide the ASEC imagefile directory
In order to protect the '/android_secure' directory on VFAT removable media
from being mucked with by 3rd party applications on the device, we hide the
directory with a read-only, zero-sized tmpfs mounted on-top. A reference to the
hidden directory is kept by a bind-mount which is mounted at a location which
only root can access.
Staging consists of:
1. Mount checked media at a secure location (/mnt/secure/staging)
2. Ensure /android_secure exists on the media (creating it if it doesn't)
3. Bind-mount /mnt/secure/staging/android_secure -> /mnt/secure/asec
(where only root can access it)
4. Mount an RDONLY zero-sized tmpfs over /mnt/secure/staging/android_secure
5. Atomically move /mnt/secure/staging to the publicly accessible storage
directory (/mnt/sdcard)
Signed-off-by: San Mehat <san@google.com>
diff --git a/Volume.h b/Volume.h
index 9bf0f0a..c7fa996 100644
--- a/Volume.h
+++ b/Volume.h
@@ -38,6 +38,12 @@
static const int State_Shared = 7;
static const int State_SharedMnt = 8;
+ static const char *SECDIR;
+ static const char *SEC_STGDIR;
+ static const char *SEC_STG_SECIMGDIR;
+ static const char *SEC_ASECDIR;
+ static const char *ASECDIR;
+
protected:
char *mLabel;
char *mMountpoint;
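Review bot: The five new path constants (`SECDIR` through `ASECDIR`) are declared `static const char *`, which makes the characters const but leaves the pointers themselves reassignable, and they appear to sit in the public section above `protected:`. These name the root-only staging and ASEC mount locations that the hiding scheme depends on, so I would declare them `static const char *const SECDIR;` and likewise for the other four. The definitions are outside this hunk and need the matching change. A one-line comment per constant saying which path from the commit description it holds would also help, since `SEC_STGDIR`, `SEC_STG_SECIMGDIR` and `SEC_ASECDIR` are easy to mix up.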
@@ -75,6 +81,9 @@
private:
int initializeMbr(const char *deviceNode);
bool isMountpointMounted(const char *path);
+ int createBindMounts();
+ int doUnmount(const char *path, bool force);
+ int doMoveMount(const char *src, const char *dst, bool force);
};
typedef android::List<Volume *> VolumeCollection;
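Review bot: The new private declarations `createBindMounts`, `doUnmount` and `doMoveMount` have no comment on their return convention or on what `force` does, and their bodies are outside this hunk. The staging sequence in the commit description hides the directory only if every step succeeds, so the contract should be stated at the declaration, for example `// Returns 0 on success, non-zero on failure; the caller must abort and unwind staging` (assuming the usual vold convention; confirm against the implementation). It is also worth checking in the .cpp that a failed bind mount or tmpfs overlay can never be followed by the move to the public mount point. That ordering would leave the secure directory visible to applications.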