Isolate app profile ref data

Due to aosp/1708274, ref data directory is now world accessible. We need to fix ref data directory so that it does not leak app visibility information. Bug: 189787375 Test: AppDataIsolationTests Merged-In: I716852478ce0734c7038934c88c36a567c06393f Change-Id: I351fd9763c4bdb6d3c0c9a9047de9a4f9986bd03
2021-06-15 17:43:00 +00:00 · 2021-06-15 17:43:00 +00:00 · 7980327d6b
parent 2efdeec6eb
commit 7980327d6b
1 changed files with 3 additions and 0 deletions
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -881,6 +881,8 @@ on post-fs-data
    # Create mirror directory for jit profiles
    mkdir /data_mirror/cur_profiles 0700 root root
    mount none /data/misc/profiles/cur /data_mirror/cur_profiles bind rec
+    mkdir /data_mirror/ref_profiles 0700 root root
+    mount none /data/misc/profiles/ref /data_mirror/ref_profiles bind rec

    mkdir /data/cache 0770 system cache encryption=Require
    mkdir /data/cache/recovery 0770 system cache
@ -1262,6 +1264,7 @@ on userspace-reboot-fs-remount
  umount /data_mirror/data_ce/null
  umount /data_mirror/data_de/null
  umount /data_mirror/cur_profiles
+  umount /data_mirror/ref_profiles
  umount /data_mirror
  remount_userdata
  start bootanim