diff options
| author | Ricky Wai <rickywai@google.com> | 2019-12-10 19:08:18 +0000 |
|---|---|---|
| committer | Ricky Wai <rickywai@google.com> | 2019-12-17 16:11:09 +0000 |
| commit | 4482ab53d17140dfeb756ff595b66fb641f1addf (patch) | |
| tree | 3de74646e88f0275ab743bcb2602a62769bff117 /rs/java/android/renderscript/Element.java | |
| parent | 5a8fe7a028a601c6f11640a4b96bfdf923f95512 (diff) | |
App data directory isolation
- During Zygote fork (before setuid), Zygote will create a tmpfs overlay
(mount namespace) on its DE and CE directories, so app process cannot
access the actual DE CE directory anymore.
- In the overlay tmpfs directory, zygote will create its app and
whitelisted app data directories.
- Bind mount (namespace) the mirror data directory to the directories in
tmpfs overlay.
- When CE storage is ready, ask installd to prepare CE storage's data mirror.
Bug: 143937733
Test: Test app shows it cannot access other apps data directory anymore
Test: Test app shows it can access whitelisted app / same uid app data
directory.
Change-Id: I64e06c1ffd962a7134a176aad33c06b5f661f7cd
Diffstat (limited to 'rs/java/android/renderscript/Element.java')
0 files changed, 0 insertions, 0 deletions