Merge "Multi-user external storage support." into jb-mr1-dev

adb/adb.c

@@ -35,6 +35,7 @@
 #include <private/android_filesystem_config.h>
 #include <linux/capability.h>
 #include <linux/prctl.h>
+#include <sys/mount.h>
 #else
 #include "usb_vendors.h"
 #endif
@@ -989,6 +990,26 @@ static int should_drop_privileges() {
 }
 #endif /* !ADB_HOST */
 
+#if !ADB_HOST
+/* Give ourselves access to external storage, which is otherwise protected. */
+static void mount_external_storage(void) {
+    // Create private mount namespace for our process
+    if (unshare(CLONE_NEWNS) == -1) {
+        fatal_errno("Failed to unshare()");
+    }
+
+    // Mark rootfs as being a slave in our process so that changes
+    // from parent namespace flow into our process.
+    if (mount("rootfs", "/", NULL, (MS_SLAVE | MS_REC), NULL) == -1) {
+        fatal_errno("Failed to mount() rootfs as MS_SLAVE");
+    }
+
+    if (mount(EXTERNAL_STORAGE_SYSTEM, EXTERNAL_STORAGE_APP, "none", MS_BIND, NULL) == -1) {
+        fatal_errno("Failed to mount() from %s", EXTERNAL_STORAGE_SYSTEM);
+    }
+}
+#endif /* !ADB_HOST */
+
 int adb_main(int is_daemon, int server_port)
 {
 #if !ADB_HOST
@@ -1008,7 +1029,6 @@ int adb_main(int is_daemon, int server_port)
 
     init_transport_registration();
 
-
 #if ADB_HOST
     HOST = 1;
     usb_vendors_init();
@@ -1022,6 +1042,8 @@ int adb_main(int is_daemon, int server_port)
     }
 #else
 
+    mount_external_storage();
+
     /* don't listen on a port (default 5037) if running in secure mode */
     /* don't run as root if we are running in secure mode */
     if (should_drop_privileges()) {

include/cutils/multiuser.h

@@ -30,9 +30,9 @@ extern "C" {
 typedef uid_t userid_t;
 typedef uid_t appid_t;
 
-extern userid_t getUserId(uid_t uid);
-extern appid_t getAppId(uid_t uid);
-extern uid_t getUid(userid_t userId, appid_t appId);
+extern userid_t multiuser_getUserId(uid_t uid);
+extern appid_t multiuser_getAppId(uid_t uid);
+extern uid_t multiuser_getUid(userid_t userId, appid_t appId);
 
 #ifdef __cplusplus
 }

include/private/android_filesystem_config.h

@@ -229,6 +229,9 @@ static struct fs_path_config android_files[] = {
     { 00644, AID_ROOT,      AID_ROOT,       0 },
 };
 
+#define EXTERNAL_STORAGE_SYSTEM "/mnt/secure/sdcard0"
+#define EXTERNAL_STORAGE_APP "/storage/sdcard0"
+
 static inline void fs_config(const char *path, int dir,
                              unsigned *uid, unsigned *gid, unsigned *mode)
 {

libcutils/Android.mk

@@ -50,7 +50,8 @@ commonSources := \
 	threads.c \
 	sched_policy.c \
 	iosched_policy.c \
-	str_parms.c
+	str_parms.c \
+	multiuser.c
 
 commonHostSources := \
         ashmem-host.c
@@ -124,8 +125,7 @@ LOCAL_SRC_FILES := $(commonSources) \
         mq.c \
         partition_utils.c \
         qtaguid.c \
-        uevent.c \
-        multiuser.c
+        uevent.c
 
 ifeq ($(TARGET_ARCH),arm)
 LOCAL_SRC_FILES += arch-arm/memset32.S

libcutils/multiuser.c

@@ -14,19 +14,16 @@
  * limitations under the License.
  */
 
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
 #include <cutils/multiuser.h>
 
-userid_t getUserId(uid_t uid) {
+userid_t multiuser_getUserId(uid_t uid) {
     return uid / MULTIUSER_APP_PER_USER_RANGE;
 }
 
-appid_t getAppId(uid_t uid) {
+appid_t multiuser_getAppId(uid_t uid) {
     return uid % MULTIUSER_APP_PER_USER_RANGE;
 }
 
-uid_t getUid(userid_t userId, appid_t appId) {
+uid_t multiuser_getUid(userid_t userId, appid_t appId) {
     return userId * MULTIUSER_APP_PER_USER_RANGE + (appId % MULTIUSER_APP_PER_USER_RANGE);
 }

rootdir/init.rc

@@ -128,6 +128,8 @@ on fs
 on post-fs
     # once everything is setup, no need to modify /
     mount rootfs rootfs / ro remount
+    # mount shared so changes propagate into child namespaces
+    mount rootfs rootfs / shared rec
 
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache