From 7980327d6b51c876c332a35142ff67e4324f1734 Mon Sep 17 00:00:00 2001
From: Treehugger Robot <treehugger-gerrit@google.com>
Date: Tue, 15 Jun 2021 17:43:00 +0000
Subject: [PATCH] Isolate app profile ref data

Due to aosp/1708274, ref data directory is now world accessible.
We need to fix ref data directory so that it does not leak app
visibility information.

Bug: 189787375
Test: AppDataIsolationTests
Merged-In: I716852478ce0734c7038934c88c36a567c06393f
Change-Id: I351fd9763c4bdb6d3c0c9a9047de9a4f9986bd03
---
 rootdir/init.rc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 6e85da58b..85c107da7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -881,6 +881,8 @@ on post-fs-data
     # Create mirror directory for jit profiles
     mkdir /data_mirror/cur_profiles 0700 root root
     mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
+    mkdir /data_mirror/ref_profiles 0700 root root
+    mount none /data/misc/profiles/ref /data_mirror/ref_profiles bind rec
 
     mkdir /data/cache 0770 system cache encryption=Require
     mkdir /data/cache/recovery 0770 system cache
@@ -1262,6 +1264,7 @@ on userspace-reboot-fs-remount
   umount /data_mirror/data_ce/null
   umount /data_mirror/data_de/null
   umount /data_mirror/cur_profiles
+  umount /data_mirror/ref_profiles
   umount /data_mirror
   remount_userdata
   start bootanim