From 420830f8a6e41e2bad6ebaed4eac0fbf262639d4 Mon Sep 17 00:00:00 2001
From: Ricky Wai <rickywai@google.com>
Date: Tue, 8 Jun 2021 12:15:14 +0100
Subject: [PATCH] Isolate app profile ref data

Due to aosp/1708274, ref data directory is now world accessible.
We need to fix ref data directory so that it does not leak app
visibility information.

Bug: 189787375
Test: AppDataIsolationTests
Change-Id: I716852478ce0734c7038934c88c36a567c06393f
---
 rootdir/init.rc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index c6b74bc4c..7ba476bcb 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -884,6 +884,8 @@ on post-fs-data
     # Create mirror directory for jit profiles
     mkdir /data_mirror/cur_profiles 0700 root root
     mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
+    mkdir /data_mirror/ref_profiles 0700 root root
+    mount none /data/misc/profiles/ref /data_mirror/ref_profiles bind rec
 
     mkdir /data/cache 0770 system cache encryption=Require
     mkdir /data/cache/recovery 0770 system cache
@@ -1265,6 +1267,7 @@ on userspace-reboot-fs-remount
   umount /data_mirror/data_ce/null
   umount /data_mirror/data_de/null
   umount /data_mirror/cur_profiles
+  umount /data_mirror/ref_profiles
   umount /data_mirror
   remount_userdata
   start bootanim