From 9527b223a9d4a4d149bb005afc77148dbeeff785 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Wed, 24 Jun 2015 15:24:48 -0700 Subject: Let's reinvent storage, yet again! Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2 --- data/etc/platform.xml | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'data') diff --git a/data/etc/platform.xml b/data/etc/platform.xml index c517201..377e6a16 100644 --- a/data/etc/platform.xml +++ b/data/etc/platform.xml @@ -58,21 +58,6 @@ - - - - - - - - - - - - - - - -- cgit v1.1