From 7bfe477b3d74490bcfa516d1fe7ffa2f04201449 Mon Sep 17 00:00:00 2001
From: Jooyung Han <jooyung@google.com>
Date: Mon, 14 Sep 2020 17:29:13 +0900
Subject: [PATCH] init: "init subcontext" in default mount namespace

"init subcontext" is responsible to handle a few commands in vendor
context. To support Vendor APEX, "init subcontext" is now started in
"default" mount namespace so that those commands can access /apex/*.

For example, insmod should see the contents of /apex to install kernel
modules in apexes.

Bug: 162701747
Test: adb shell ps -ef | grep init
      => check pid of <init subcontext>
      adb shell readlink /proc/<pid: init>/ns/mnt
      adb shell readlink /proc/<pid: init subcontext>/ns/mnt
      => check if these are equal
Change-Id: Icd5e862e52d78635e83824b267b6d32d8f3e9eea
---
 init/subcontext.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 9d4ea8cd3..dc2455e2f 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -30,6 +30,7 @@
 
 #include "action.h"
 #include "builtins.h"
+#include "mount_namespace.h"
 #include "proto_utils.h"
 #include "util.h"
 
@@ -217,7 +218,13 @@ void Subcontext::Fork() {
                 PLOG(FATAL) << "Could not set execcon for '" << context_ << "'";
             }
         }
-
+#if defined(__ANDROID__)
+        // subcontext init runs in "default" mount namespace
+        // so that it can access /apex/*
+        if (auto result = SwitchToMountNamespaceIfNeeded(NS_DEFAULT); !result.ok()) {
+            LOG(FATAL) << "Could not switch to \"default\" mount namespace: " << result.error();
+        }
+#endif
         auto init_path = GetExecutablePath();
         auto child_fd_string = std::to_string(child_fd);
         const char* args[] = {init_path.c_str(), "subcontext", context_.c_str(),