From b5dc9dbb30ce3d2e1b88efbd5a9a50ccb01cbc59 Mon Sep 17 00:00:00 2001 From: Ricky Wai Date: Fri, 6 Mar 2020 17:45:08 +0000 Subject: [PATCH] Run unshare for app data isolation for instant app Even MountEmulatedStorage does not run it, isolateAppData should run it also otherwise it's mounting on root namespace. Test: atest --instant CookieManagerTest Test: atest EphemeralTest#testWebViewLoads Bug: 148966677 Change-Id: I5e2dd8087461efd6b7d566d089c9223f253f3b4f --- core/jni/com_android_internal_os_Zygote.cpp | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 4e139a34c555c..2128f99ff609d 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -133,6 +133,11 @@ static jmethodID gCreateSystemServerClassLoader; static bool gIsSecurityEnforced = true; +/** + * True if the app process is running in its mount namespace. + */ +static bool gInAppMountNamespace = false; + /** * The maximum number of characters (not including a null terminator) that a * process name may contain. @@ -548,6 +553,17 @@ static void SetGids(JNIEnv* env, jintArray managed_gids, fail_fn_t fail_fn) { } } +static void ensureInAppMountNamespace(fail_fn_t fail_fn) { + if (gInAppMountNamespace) { + // In app mount namespace already + return; + } + if (unshare(CLONE_NEWNS) == -1) { + fail_fn(CREATE_ERROR("Failed to unshare(): %s", strerror(errno))); + } + gInAppMountNamespace = true; +} + // Sets the resource limits via setrlimit(2) for the values in the // two-dimensional array of integers that's passed in. The second dimension // contains a tuple of length 3: (resource, rlim_cur, rlim_max). nullptr is 
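Review bot: The new comment on `gInAppMountNamespace` says what the flag means but not who owns it: it is a plain process-wide static, so every fork() child starts with whatever value the zygote holds, and the flag is only correct if the zygote process itself never calls ensureInAppMountNamespace(). I would spell that out above the definition: `// Set once this (forked) process has unshared its mount namespace. Only written by ensureInAppMountNamespace(), which must not run in the zygote itself, or every child would inherit 'true' without its own namespace.` Whether the zygote can ever reach that helper is not visible in this hunk.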
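Review bot: In ensureInAppMountNamespace(), `gInAppMountNamespace = true;` is reached after a failed unshare() if `fail_fn` can return, and the hunk does not show whether fail_fn is noreturn; either add `return;` after the fail_fn call or document the assumption with `// fail_fn is expected not to return; the flag is only set on success`. Separately, unshare(CLONE_NEWNS) copies the mount table but leaves each mount's propagation type as it was, so if "/" is shared in the zygote's namespace, mounts made afterwards still propagate back to it. The isolation the commit message wants for isolateAppData (hunk at @@ -1319) therefore depends on that path marking the tree MS_SLAVE or MS_PRIVATE before mounting, unless something outside this diff already does; a sentence in the helper's header comment saying that the caller remains responsible for propagation would make that contract explicit.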
@@ -811,9 +827,7 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, } // Create a second private mount namespace for our process - if (unshare(CLONE_NEWNS) == -1) { - fail_fn(CREATE_ERROR("Failed to unshare(): %s", strerror(errno))); - } + ensureInAppMountNamespace(fail_fn); // Handle force_mount_namespace with MOUNT_EXTERNAL_NONE. if (mount_mode == MOUNT_EXTERNAL_NONE) { @@ -1319,6 +1333,7 @@ static void isolateAppData(JNIEnv* env, jobjectArray pkg_data_info_list, if ((size % 3) != 0) { fail_fn(CREATE_ERROR("Wrong pkg_inode_list size %d", size)); } + ensureInAppMountNamespace(fail_fn); // Mount tmpfs on all possible data directories, so app no longer see the original apps data. char internalCePath[PATH_MAX];
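Review bot: The comment `// Create a second private mount namespace for our process` above the new call is now inaccurate in two ways: the helper may be a no-op when the namespace was already unshared by another caller, and unshare(2) on its own does not make the namespace private in the mount-propagation sense. Suggest `// Make sure this process is in its own mount namespace (no-op if already unshared)`. MountEmulatedStorage continues outside the hunk.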
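Review bot: The new ensureInAppMountNamespace() call in isolateAppData carries no explanation, and the reason lives only in the commit message, so a reader of the code will wonder why a second unshare site exists. Suggest `// Instant apps can reach this without MountEmulatedStorage having run, so unshare here too; otherwise the tmpfs mounts below would land in the zygote's namespace.` The mounts this protects are below the hunk, and isolateAppData continues outside it.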