OSDN Git Service

(root) / android-x86 / frameworks-base.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 678ba24)
In MountEmulatedStorage() don't create a mount namespace unless actually mounting.
authorRobert Sesek <rsesek@google.com>
Mon, 31 Oct 2016 15:25:10 +0000 (11:25 -0400)
committerRobert Sesek <rsesek@google.com>
Mon, 31 Oct 2016 15:25:10 +0000 (11:25 -0400)
When the zygote starts, it creates its own mount namespace in
nativeUnmountStorageOnInit(). When the zygote forks a new process, unless the
new process actually has permission to access emulated storage (and thus it
needs to be mounted), there is no reason to create another new mount namespace
in the child.

This supports the WebView zygote, which does not have CAP_SYS_ADMIN to perform
mount operations. But since it only forks isolated_app processes, which do not
have access to storage, it does not need to handle mounting.

Test: m checkbuild
Test: angler boots

Bug: 21643067
Change-Id: Ieb75cc3009ed26b7366213409d5fad836f597084

core/jni/com_android_internal_os_Zygote.cpp patch | blob | history

diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 5202a98..3e111c0 100644 (file)
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -297,12 +297,6 @@ static bool MountEmulatedStorage(uid_t uid, jint mount_mode,
         bool force_mount_namespace) {
     // See storage config details at http://source.android.com/tech/storage/
 
-    // Create a second private mount namespace for our process
-    if (unshare(CLONE_NEWNS) == -1) {
-        ALOGW("Failed to unshare(): %s", strerror(errno));
-        return false;
-    }
-
     String8 storageSource;
     if (mount_mode == MOUNT_EXTERNAL_DEFAULT) {
         storageSource = "/mnt/runtime/default";
@@ -314,6 +308,13 @@ static bool MountEmulatedStorage(uid_t uid, jint mount_mode,
         // Sane default of no storage visible
         return true;
     }
+
+    // Create a second private mount namespace for our process
+    if (unshare(CLONE_NEWNS) == -1) {
+        ALOGW("Failed to unshare(): %s", strerror(errno));
+        return false;
+    }
+
     if (TEMP_FAILURE_RETRY(mount(storageSource.string(), "/storage",
             NULL, MS_BIND | MS_REC | MS_SLAVE, NULL)) == -1) {
         ALOGW("Failed to mount %s to /storage: %s", storageSource.string(), strerror(errno));
frameworks/base
About OSDN
Find Software
Develop Software
Help