Zygote: Restrict slave mountspace so Dalvik apps can mount system-wide volumes

Android 4.2 implements multi-user storage using per-process mount
namespaces.  Originally, everything under "/" (the entire filesystem
hierarchy) is marked as a recursive-slave mountspace for all zygote
instances.  This is done so that user-storage sandbox mounts under
/storage/emulated are hidden from other apps and users.

Unfortunately this means that any Dalvik app (actually, any program whose
clone/fork ancestry includes a Dalvik zygote, which is everything except
services spawned directly from init) cannot mount system-wide volumes.
Thus, apps like CifsManager are effectively broken in Android 4.2, since
its cifs mounts are only visible to the CifsManager app itself.  All other
apps see empty mountpoints instead of the mounted volume.  Furthermore,
Linux provides no provision for a process to "escape" a recursive-slave
mountspace in versions prior to Linux 3.8 (setns syscall).

Here, we restrict the slave mountspace to /storage (and, due to a possible
kernel bug, /mnt/shell/emulated) so that Dalvik apps can mount system-wide
volumes elsewhere (with appropriate permission, as in earlier versions of
Android), while retaining full multi-user storage compatibility.

This change requires that a tmpfs volume is mounted as /storage in init.rc.
If this volume is unavailable, then Zygote falls back to the previous
behavior of marking the entire filesystem hierarchy as slave.  It also
implicitly requires that EMULATED_STORAGE_TARGET is path-prefixed by (part
of the subhierarchy of) ANDROID_STORAGE, which is the typical case.

0 files changed, 0 insertions, 0 deletions