Create sandboxes for newly installed apps.

Bug: 111890351 Test: manual Change-Id: I8b47e8a9fd1122b2d55c16189f05f5a32a22d16b
2018-08-06 17:29:44 -07:00
parent f2c5ee5900
commit 8ff30b1317
3 changed files with 46 additions and 2 deletions
--- a/core/java/android/os/storage/StorageManagerInternal.java
+++ b/core/java/android/os/storage/StorageManagerInternal.java
@@ -79,4 +79,18 @@ public abstract class StorageManagerInternal {
     * @return The mount mode.
     */
    public abstract int getExternalStorageMountMode(int uid, String packageName);
+
+    /**
+     * Mount external storage for the given package.
+     *
+     * <p> This will involve calling into vold to setup appropriate bind mounts.
+     *
+     * @param packageName The package for which external storage will be mounted.
+     * @param appId The appId for the given package.
+     * @param sharedUserId The sharedUserId for given package if it specified
+     *      {@code android:sharedUserId} in the manifest, otherwise {@code null}
+     * @param userId
+     */
+    public abstract void mountExternalStorageForApp(String packageName, int appId,
+            String sharedUserId, int userId);
 }
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3803,5 +3803,29 @@ class StorageManagerService extends IStorageManager.Stub
            }
            return true;
        }
+
+        @Override
+        public void mountExternalStorageForApp(String packageName, int appId, String sharedUserId,
+                int userId) {
+            final String sandboxId;
+            synchronized (mPackagesLock) {
+                final ArraySet<String> userPackages = getPackagesForUserPL(userId);
+                // If userPackages is empty, it means the user is not started yet, so no need to
+                // do anything now.
+                if (userPackages.isEmpty() || userPackages.contains(packageName)) {
+                    return;
+                }
+                userPackages.add(packageName);
+                mAppIds.put(packageName, appId);
+                sandboxId = getSandboxId(packageName, sharedUserId);
+                mSandboxIds.put(appId, sandboxId);
+            }
+
+            try {
+                mVold.mountExternalStorageForApp(packageName, appId, sandboxId, userId);
+            } catch (Exception e) {
+                Slog.wtf(TAG, e);
+            }
+        }
    }
 }
--- a/services/core/java/com/android/server/pm/PackageManagerService.java
+++ b/services/core/java/com/android/server/pm/PackageManagerService.java
@@ -21358,9 +21358,9 @@ public class PackageManagerService extends IPackageManager.Stub
        mDexManager.systemReady();
        mPackageDexOptimizer.systemReady();

-        StorageManagerInternal StorageManagerInternal = LocalServices.getService(
+        StorageManagerInternal storageManagerInternal = LocalServices.getService(
                StorageManagerInternal.class);
-        StorageManagerInternal.addExternalStoragePolicy(
+        storageManagerInternal.addExternalStoragePolicy(
                new StorageManagerInternal.ExternalStorageMountPolicy() {
            @Override
            public int getMountMode(int uid, String packageName) {
@@ -22798,6 +22798,12 @@ public class PackageManagerService extends IPackageManager.Stub
        }

        prepareAppDataContentsLeafLIF(pkg, userId, flags);
+        final StorageManagerInternal storageManagerInternal
+                = LocalServices.getService(StorageManagerInternal.class);
+        if (storageManagerInternal != null) {
+            storageManagerInternal.mountExternalStorageForApp(
+                    pkg.packageName, appId, pkg.mSharedUserId, userId);
+        }
    }

    private void prepareAppDataContentsLIF(PackageParser.Package pkg, int userId, int flags) {