From 259a49ae155f19f4d313378bf9553984b3c5228e Mon Sep 17 00:00:00 2001
From: Ricky Wai <rickywai@google.com>
Date: Fri, 19 Mar 2021 15:35:49 +0000
Subject: [PATCH] Vold will always bind mount obb and data dirs to lowerfs

So shell / root will always access to them directly not via fuse.
And zygote will be unmount these directories to prevent them being
abused for leaking app visibility.

Also, /mnt/androidwritable is not very useful now as it's the same as
/mnt/installer, but we should make shell / root to access /mnt/androidwritable
later and /mnt/installer should only access obb but not data dir.

Bug: 182997439
Test: Able to boot without errors
Test: df on /sdcard/Android/data shows it's no on fuse.
Change-Id: I2ad10b1e80c135f637d37ddf502ee010f89f4946
---
 model/EmulatedVolume.cpp | 68 +++++++++++-------------------------------------
 1 file changed, 15 insertions(+), 53 deletions(-)

diff --git a/model/EmulatedVolume.cpp b/model/EmulatedVolume.cpp
index db93bc2..2555a86 100644
--- a/model/EmulatedVolume.cpp
+++ b/model/EmulatedVolume.cpp
@@ -116,24 +116,22 @@ status_t EmulatedVolume::mountFuseBindMounts() {
     }
 
     status_t status = OK;
-    // When app data isolation is enabled, obb/ will be mounted per app, otherwise we should
-    // bind mount the whole Android/ to speed up reading.
-    if (!mAppDataIsolationEnabled) {
-        std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
-        std::string androidDataTarget(
-                StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
-        status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
-        if (status != OK) {
-            return status;
-        }
+    // Zygote will unmount these dirs if app data isolation is enabled, so apps
+    // cannot access these dirs directly.
+    std::string androidDataSource = StringPrintf("%s/data", androidSource.c_str());
+    std::string androidDataTarget(
+            StringPrintf("/mnt/user/%d/%s/%d/Android/data", userId, label.c_str(), userId));
+    status = doFuseBindMount(androidDataSource, androidDataTarget, pathsToUnmount);
+    if (status != OK) {
+        return status;
+    }
 
-        std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
-        std::string androidObbTarget(
-                StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
-        status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
-        if (status != OK) {
-            return status;
-        }
+    std::string androidObbSource = StringPrintf("%s/obb", androidSource.c_str());
+    std::string androidObbTarget(
+            StringPrintf("/mnt/user/%d/%s/%d/Android/obb", userId, label.c_str(), userId));
+    status = doFuseBindMount(androidObbSource, androidObbTarget, pathsToUnmount);
+    if (status != OK) {
+        return status;
     }
 
     // Installers get the same view as all other apps, with the sole exception that the
@@ -150,44 +148,8 @@ status_t EmulatedVolume::mountFuseBindMounts() {
         if (status != OK) {
             return status;
         }
-    } else if (mAppDataIsolationEnabled) {
-        std::string obbSource(StringPrintf("%s/obb", androidSource.c_str()));
-        std::string obbInstallerTarget(StringPrintf("/mnt/installer/%d/%s/%d/Android/obb",
-                userId, label.c_str(), userId));
-
-        status = doFuseBindMount(obbSource, obbInstallerTarget, pathsToUnmount);
-        if (status != OK) {
-            return status;
-        }
     }
 
-    // /mnt/androidwriteable is similar to /mnt/installer, but it's for
-    // MOUNT_EXTERNAL_ANDROID_WRITABLE apps and it can also access DATA (Android/data) dirs.
-    if (mAppDataIsolationEnabled) {
-        std::string obbSource = mUseSdcardFs ?
-            StringPrintf("/mnt/runtime/write/%s/%d/Android/obb", label.c_str(), userId)
-            : StringPrintf("%s/obb", androidSource.c_str());
-
-        std::string obbAndroidWritableTarget(
-                StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/obb",
-                userId, label.c_str(), userId));
-
-        status = doFuseBindMount(obbSource, obbAndroidWritableTarget, pathsToUnmount);
-        if (status != OK) {
-            return status;
-        }
-
-        std::string dataSource = mUseSdcardFs ?
-                StringPrintf("/mnt/runtime/write/%s/%d/Android/data", label.c_str(), userId)
-                : StringPrintf("%s/data", androidSource.c_str());
-        std::string dataTarget(StringPrintf("/mnt/androidwritable/%d/%s/%d/Android/data",
-                userId, label.c_str(), userId));
-
-        status = doFuseBindMount(dataSource, dataTarget, pathsToUnmount);
-        if (status != OK) {
-            return status;
-        }
-    }
     unmount_guard.Disable();
     return OK;
 }
-- 
2.11.0