-
San Mehat authored
In order to protect the '/android_secure' directory on VFAT removable media from being mucked with by 3rd party applications on the device, we hide the directory with a read-only, zero-sized tmpfs mounted on-top. A reference to the hidden directory is kept by a bind-mount which is mounted at a location which only root can access. Staging consists of: 1. Mount checked media at a secure location (/mnt/secure/staging) 2. Ensure /android_secure exists on the media, (creating if it doesnt) 3. Bind-mount /mnt/secure/staging/android_secure -> /mnt/secure/asec (where only root can access it) 4. Mount an RDONLY zero-sized tmpfs over /mnt/secure/staging/android_secure 5. Atomically move /mnt/secure/staging to the publicly accessable storage directory (/mnt/sdcard) Signed-off-by:San Mehat <san@google.com>
3bb6020e
