Isolate app profile ref data

Due to aosp/1708274, ref data directory is now world accessible. We need to fix ref data directory so that it does not leak app visibility information. Bug: 189787375 Test: AppDataIsolationTests Merged-In: I716852478ce0734c7038934c88c36a567c06393f Change-Id: I351fd9763c4bdb6d3c0c9a9047de9a4f9986bd03
author: Treehugger Robot <treehugger-gerrit@google.com> 2021-06-15 17:43:00 +0000
committer: Ricky Wai <rickywai@google.com> 2021-06-17 19:13:54 +0100
commit: 7980327d6b51c876c332a35142ff67e4324f1734 (patch)
tree: 656e4a9009317d71742ed00334f63fcfdce381ed
parent: 2efdeec6eb1f9f9e7ea9eba59d40058a94749bb6 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 6e85da58b..85c107da7 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -881,6 +881,8 @@ on post-fs-data
     # Create mirror directory for jit profiles
     mkdir /data_mirror/cur_profiles 0700 root root
     mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
+    mkdir /data_mirror/ref_profiles 0700 root root
+    mount none /data/misc/profiles/ref /data_mirror/ref_profiles bind rec
 
     mkdir /data/cache 0770 system cache encryption=Require
     mkdir /data/cache/recovery 0770 system cache
@@ -1262,6 +1264,7 @@ on userspace-reboot-fs-remount
   umount /data_mirror/data_ce/null
   umount /data_mirror/data_de/null
   umount /data_mirror/cur_profiles
+  umount /data_mirror/ref_profiles
   umount /data_mirror
   remount_userdata
   start bootanim
author	Treehugger Robot <treehugger-gerrit@google.com>	2021-06-15 17:43:00 +0000
committer	Ricky Wai <rickywai@google.com>	2021-06-17 19:13:54 +0100
commit	7980327d6b51c876c332a35142ff67e4324f1734 (patch)
tree	656e4a9009317d71742ed00334f63fcfdce381ed
parent	2efdeec6eb1f9f9e7ea9eba59d40058a94749bb6 (diff)