Check if fuse enabled before mounting storage data and obb dirs

Also, do not bind mount storage obb and data dirs if mount external is in pass_through mode. Fix: 151219235 Fix: 152395018 Fix: 152490627 Test: atest AdoptableHostTest Change-Id: I77a86be5582ded0915b0a8a49d2b2a8c17fe58b7
2020-04-08 16:14:37 +01:00
parent afef06a0f6
commit 6416747830
3 changed files with 21 additions and 3 deletions
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -1653,7 +1653,9 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids,
            uid, process_name, managed_nice_name, fail_fn);
    isolateJitProfile(env, pkg_data_info_list, uid, process_name, managed_nice_name, fail_fn);
  }
-  if ((mount_external != MOUNT_EXTERNAL_INSTALLER) && mount_storage_dirs) {
+  if (mount_external != MOUNT_EXTERNAL_INSTALLER &&
+      mount_external != MOUNT_EXTERNAL_PASS_THROUGH &&
+      mount_storage_dirs) {
    BindMountStorageDirs(env, pkg_data_info_list, uid, process_name, managed_nice_name, fail_fn);
  }

--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -220,6 +220,10 @@ class StorageManagerService extends IStorageManager.Stub

    private static final boolean ENABLE_ISOLATED_STORAGE = StorageManager.hasIsolatedStorage();

+    // A system property to control if obb app data isolation is enabled in vold.
+    private static final String ANDROID_VOLD_APP_DATA_ISOLATION_ENABLED_PROPERTY =
+            "persist.sys.vold_app_data_isolation_enabled";
+
    /**
     * If {@code 1}, enables the isolated storage feature. If {@code -1},
     * disables the isolated storage feature. If {@code 0}, uses the default
@@ -596,6 +600,8 @@ class StorageManagerService extends IStorageManager.Stub

    private final boolean mIsFuseEnabled;

+    private final boolean mVoldAppDataIsolationEnabled;
+
    @GuardedBy("mLock")
    private final Set<Integer> mUidsWithLegacyExternalStorage = new ArraySet<>();
    // Not guarded by lock, always used on the ActivityManager thread
@@ -1516,7 +1522,7 @@ class StorageManagerService extends IStorageManager.Stub
        if (vol.type == VolumeInfo.TYPE_EMULATED) {
            if (newState != VolumeInfo.STATE_MOUNTED) {
                mFuseMountedUser.remove(vol.getMountUserId());
-            } else {
+            } else if (mVoldAppDataIsolationEnabled){
                final int userId = vol.getMountUserId();
                mFuseMountedUser.add(userId);
                // Async remount app storage so it won't block the main thread.
@@ -1740,6 +1746,8 @@ class StorageManagerService extends IStorageManager.Stub
        // incorrect until #updateFusePropFromSettings where we set the correct value and reboot if
        // different
        mIsFuseEnabled = SystemProperties.getBoolean(PROP_FUSE, DEFAULT_FUSE_ENABLED);
+        mVoldAppDataIsolationEnabled = mIsFuseEnabled && SystemProperties.getBoolean(
+                ANDROID_VOLD_APP_DATA_ISOLATION_ENABLED_PROPERTY, false);
        mContext = context;
        mResolver = mContext.getContentResolver();
        mCallbacks = new Callbacks(FgThread.get().getLooper());
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -154,6 +154,9 @@ public final class ProcessList {
    static final String ANDROID_VOLD_APP_DATA_ISOLATION_ENABLED_PROPERTY =
            "persist.sys.vold_app_data_isolation_enabled";

+    // A system property to control if fuse is enabled.
+    static final String ANDROID_FUSE_ENABLED = "persist.sys.fuse";
+
    // The minimum time we allow between crashes, for us to consider this
    // application to be bad and stop and its services and reject broadcasts.
    static final int MIN_CRASH_INTERVAL = 60 * 1000;
@@ -707,8 +710,13 @@ public final class ProcessList {
        // want some apps enabled while some apps disabled
        mAppDataIsolationEnabled =
                SystemProperties.getBoolean(ANDROID_APP_DATA_ISOLATION_ENABLED_PROPERTY, true);
-        mVoldAppDataIsolationEnabled = SystemProperties.getBoolean(
+        boolean fuseEnabled = SystemProperties.getBoolean(ANDROID_FUSE_ENABLED, false);
+        boolean voldAppDataIsolationEnabled = SystemProperties.getBoolean(
                ANDROID_VOLD_APP_DATA_ISOLATION_ENABLED_PROPERTY, false);
+        if (!fuseEnabled && voldAppDataIsolationEnabled) {
+            Slog.e(TAG, "Fuse is not enabled while vold app data isolation is enabled");
+        }
+        mVoldAppDataIsolationEnabled = fuseEnabled && voldAppDataIsolationEnabled;
        mAppDataIsolationWhitelistedApps = new ArrayList<>(
                SystemConfig.getInstance().getAppDataIsolationWhitelistedApps());