From ef9275223c6192adf7433a9c705e4f4816663dd5 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Wed, 11 May 2022 05:33:21 +0000
Subject: [PATCH] Move creation of /data/user/0 and /data/media/obb to vold

To prevent bugs, directory creation and encryption should happen together. /data/user/0 (and its "alias" /data/data) is a per-user encrypted directory; such directories can only be encrypted by vold. Therefore, move its creation to vold as well. Besides closing the uncomfortably-large gap between the creation and encryption of /data/user/0, this allows removing init's write access to /data/user and similar directories (SELinux type system_userdir_file) to prevent any such issues from being reintroduced in the future. To also allow removing init's write access to /data/media (SELinux type media_userdir_file), which also contains per-user encrypted directories, also move the creation and encryption of /data/media/obb to vold.

Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=Linux API ("slave" mount flag)
Change-Id: I7245251eeb56b345b6c7711482c0aa5848648edb
---
 init/util.cpp | 6 ------
 rootdir/init.rc | 16 ++++------------
 2 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/init/util.cpp b/init/util.cpp
index d1e518b57..af6cf509b 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -465,12 +465,6 @@ static FscryptAction FscryptInferAction(const std::string& dir) {
 return FscryptAction::kNone;
 }
 
- // Special-case /data/media/obb per b/64566063
- if (dir == "/data/media/obb") {
- // Try to set policy on this directory, but if it is non-empty this may fail.
- return FscryptAction::kAttempt;
- }
-
 // Only set policy on first level /data directories
 // To make this less restrictive, consider using a policy file.
 // However this is overkill for as long as the policy is simply
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 69e06d02d..a255d1787 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -840,7 +840,6 @@ on post-fs-data
 # Do not place files or directories in /data/local/tmp
 mkdir /data/local/tmp 0771 shell shell
 mkdir /data/local/traces 0777 shell shell
- mkdir /data/data 0771 system system encryption=None
 mkdir /data/app-private 0771 system system encryption=Require
 mkdir /data/app-ephemeral 0771 system system encryption=Require
 mkdir /data/app-asec 0700 root root encryption=Require
@@ -915,13 +914,6 @@ on post-fs-data
 mkdir /data/user 0711 system system encryption=None
 mkdir /data/user_de 0711 system system encryption=None
 
- # Unlink /data/user/0 if we previously symlink it to /data/data
- rm /data/user/0
-
- # Bind mount /data/user/0 to /data/data
- mkdir /data/user/0 0700 system system encryption=None
- mount none /data/data /data/user/0 bind rec
-
 # A tmpfs directory, which will contain all apps CE DE data directory that
 # bind mount from the original source.
 mount tmpfs tmpfs /data_mirror nodev noexec nosuid mode=0700,uid=0,gid=1000
@@ -933,8 +925,10 @@ on post-fs-data
 mkdir /data_mirror/data_ce/null 0700 root root
 mkdir /data_mirror/data_de/null 0700 root root
 
- # Bind mount CE and DE data directory to mirror's default volume directory
- mount none /data/user /data_mirror/data_ce/null bind rec
+ # Bind mount CE and DE data directory to mirror's default volume directory.
+ # The 'slave' option (MS_SLAVE) is needed to cause the later bind mount of
+ # /data/data onto /data/user/0 to propagate to /data_mirror/data_ce/null/0.
+ mount none /data/user /data_mirror/data_ce/null bind rec slave
 mount none /data/user_de /data_mirror/data_de/null bind rec
 
 # Create mirror directory for jit profiles
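Review bot: The new `slave` propagation flag only does anything if the mount that /data/user lives on is in a shared peer group; bind-mounting from a private mount leaves the mirror with no master, and the later /data/data mount then silently never shows up under /data_mirror/data_ce/null/0. Nothing in this hunk establishes /data's propagation type, so the new comment should state the prerequisite, e.g. `# This relies on /data being a shared mount; with a private source the slave flag is a no-op.` The comment could also say who performs the "later bind mount" now that the `mount none /data/data /data/user/0 bind rec` line is gone from this file — per the commit message that is vold. The sibling `/data/user_de` mirror mount is left without `slave`; that is presumably intentional because nothing is mounted beneath it afterwards, but a one-line remark there would stop a future reader from "fixing" the asymmetry.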
@@ -967,10 +961,8 @@ on post-fs-data
 wait_for_prop apexd.status activated
 perform_apex_config
 
- # Special-case /data/media/obb per b/64566063
 mkdir /data/media 0770 media_rw media_rw encryption=None
 exec - media_rw media_rw -- /system/bin/chattr +F /data/media
- mkdir /data/media/obb 0770 media_rw media_rw encryption=Attempt
 
 # Create directories for boot animation.
 mkdir /data/bootanim 0755 system system encryption=None