From e84bdd38addecc80878d811ab279646acfe6ab19 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey
Date: Mon, 8 Feb 2016 12:16:00 -0700
Subject: [PATCH] Move graphics and JIT caches to DE storage.
We confirmed with the graphics and JIT teams that no sensitive user data is written to these caches, so they're safe to point at DE storage. Since we don't have control over what is written by the app, we need to keep the cache environment variable pointing at CE storage. Fix ensurePrivateDirExists() to always return a path, instead of returning null which can cause scary bugs. Change packages.list to no longer canonicalize data paths, since these fail when CE storage is still locked.
Bug: 27069522
Change-Id: Ifff64a036fa4aa1e61aa0dd98486bc711fbf8f4a
---
 core/java/android/app/ActivityThread.java | 11 +++++++--
 core/java/android/app/ContextImpl.java | 24 ++++++++++---------
 .../java/com/android/server/pm/Settings.java | 2 +-
 3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java
index 6424520df3ec4..04883a9612866 100644
--- a/core/java/android/app/ActivityThread.java
+++ b/core/java/android/app/ActivityThread.java
@@ -5021,6 +5021,9 @@ public final class ActivityThread {
 final ContextImpl appContext = ContextImpl.createAppContext(this, data.info);
 if (!Process.isIsolated() && !"android".equals(appContext.getPackageName())) {
+ // This cache location probably points at credential-encrypted
+ // storage which may not be accessible yet; assign it anyway instead
+ // of pointing at device-encrypted storage.
 final File cacheDir = appContext.getCacheDir();
 if (cacheDir != null) {
 // Provide a usable directory for temporary files
@@ -5030,8 +5033,12 @@ public final class ActivityThread {
 + "due to missing cache directory");
 }
- // Use codeCacheDir to store generated/compiled graphics code and jit profiling data.
- final File codeCacheDir = appContext.getCodeCacheDir();
+ // Setup a location to store generated/compiled graphics code and
+ // JIT profiling data. Note that this data is stored in a
+ // device-encrypted storage area, so these caches must never contain
+ // user sensitive user data.
+ final Context deviceContext = appContext.createDeviceEncryptedStorageContext();
+ final File codeCacheDir = deviceContext.getCodeCacheDir();
 if (codeCacheDir != null) {
 setupGraphicsSupport(data.info, codeCacheDir);
 setupJitProfileSupport(data.info, codeCacheDir);
diff --git a/core/java/android/app/ContextImpl.java b/core/java/android/app/ContextImpl.java
index 89d4931b9fcb2..eec503b233e88 100644
--- a/core/java/android/app/ContextImpl.java
+++ b/core/java/android/app/ContextImpl.java
@@ -58,6 +58,9 @@ import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.os.UserHandle;
 import android.os.storage.IMountService;
+import android.system.ErrnoException;
+import android.system.Os;
+import android.system.OsConstants;
 import android.util.AndroidRuntimeException;
 import android.util.ArrayMap;
 import android.util.Log;
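Review bot: In the code-cache setup of ActivityThread, the only thing keeping sensitive data out of device-encrypted storage is the new comment, and its last line reads "user sensitive user data". Suggest tightening it to `// user-sensitive data.` and naming the two writers it covers (`setupGraphicsSupport` and `setupJitProfileSupport`), so anyone who later hands `codeCacheDir` to another component knows the same constraint applies. The directory used here now comes from `deviceContext`, so it presumably differs from what the app itself gets from `getCodeCacheDir()` on its own context; the comment could state that too. The enclosing method starts and ends outside the hunk.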
@@ -482,21 +485,20 @@ class ContextImpl extends Context {
 return f.delete();
 }
- // Common-path handling of app data dir creation
+ /**
+ * Common-path handling of app data dir creation
+ */
 private static File ensurePrivateDirExists(File file) {
 if (!file.exists()) {
- if (!file.mkdirs()) {
- if (file.exists()) {
- // spurious failure; probably racing with another process for this app
- return file;
+ try {
+ Os.mkdir(file.getAbsolutePath(), 0771);
+ } catch (ErrnoException e) {
+ if (e.errno == OsConstants.EEXIST) {
+ // We must have raced with someone; that's okay
+ } else {
+ Log.w(TAG, "Failed to ensure " + file + ": " + e.getMessage());
 }
- Log.w(TAG, "Failed to ensure directory " + file.getAbsolutePath());
- return null;
 }
- FileUtils.setPermissions(
- file.getPath(),
- FileUtils.S_IRWXU|FileUtils.S_IRWXG|FileUtils.S_IXOTH,
- -1, -1);
 }
 return file;
 }
diff --git a/services/core/java/com/android/server/pm/Settings.java b/services/core/java/com/android/server/pm/Settings.java
index fcb777b8e7fac..8fa5d2410d275 100644
--- a/services/core/java/com/android/server/pm/Settings.java
+++ b/services/core/java/com/android/server/pm/Settings.java
@@ -2359,7 +2359,7 @@ final class Settings {
 }
 final ApplicationInfo ai = pkg.pkg.applicationInfo;
- final String dataPath = new File(ai.dataDir).getCanonicalPath();
+ final String dataPath = ai.dataDir;
 final boolean isDebug = (ai.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
 final int[] gids = pkg.getPermissionsState().computeGids(userIds);
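Review bot: In ensurePrivateDirExists (ContextImpl.java), the mode passed to `Os.mkdir(file.getAbsolutePath(), 0771)` is filtered by the process umask, while the removed `FileUtils.setPermissions(...)` call applied S_IRWXU|S_IRWXG|S_IXOTH explicitly, so a newly created directory may end up with a different mode than before. If 0771 is the intended mode, follow the mkdir with `Os.chmod(file.getAbsolutePath(), 0771);` inside the same try. Os.mkdir also creates a single level where `mkdirs()` created missing parents, and on any error other than EEXIST the method now logs and returns a path that does not exist; null checks such as `if (codeCacheDir != null)` in ActivityThread probably no longer detect that case, so callers that need the directory should test `exists()`.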
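Review bot: In the Settings.java hunk, `ai.dataDir` now goes into packages.list exactly as stored, so readers of that file receive a path that may contain symlinks, and a null dataDir no longer fails at `new File(...)` but would presumably be written out as text. Readers that make ownership or path-prefix decisions from this field (not visible here) should be checked against the non-canonical form. A comment above the assignment would record the reason, e.g. `// Not canonicalized: resolving fails while CE storage is locked; readers must not assume a symlink-free path.` The enclosing method begins and ends outside the hunk.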