Comments (1)
/**
* Hide the CE and DE data directories of non-related apps.
*
* Without this, apps can detect if any app is installed by trying to "touch" the app's CE
* or DE data directory, e.g. /data/data/com.whatsapp. This fails with EACCES if the app
* is installed, or ENOENT if it's not. Traditional file permissions or SELinux can only
* block accessing those directories but can't fix fingerprinting like this.
*
* Instead, we hide non-related apps' data directories from the filesystem entirely by
* mounting tmpfs instances over their parent directories and bind-mounting in just the
* needed app data directories. This is done in a private mount namespace.
*
* Steps:
* (1) Collect a list of all related apps (apps with same uid and allowlisted apps) data info
* (package name, data stored volume uuid, and inode number of its CE data directory)
* (2) Mount tmpfs on /data/data and /data/user{,_de}, and on /mnt/expand/$volume/user{,_de}
* for all adoptable storage volumes. This hides all app data directories.
* (3) For each related app, create stubs for its data directories in the relevant tmpfs
* instances, then bind mount in the actual directories from /data_mirror. This works
* for both the CE and DE directories. DE storage is always unlocked, whereas the
* app's CE directory can be found via inode number if CE storage is locked.
*
* Example assuming user 0, app "com.android.foo", no shared uid, and no adoptable storage:
* (1) Info = ["com.android.foo", "null" (volume uuid "null"=default), "123456" (inode number)]
* (2) Mount tmpfs on /data/data, /data/user, and /data/user_de.
* (3) For DE storage, create a directory /data/user_de/0/com.android.foo and bind mount
* /data_mirror/data_de/0/com.android.foo onto it.
* (4) Do similar for CE storage. But if the device is in direct boot mode, then CE
* storage will be locked, so the app's CE data directory won't exist at the usual
* path /data_mirror/data_ce/0/com.android.foo. It will still exist in
* /data_mirror/data_ce/0, but its filename will be an unpredictable no-key name. In
* this case, we use the inode number to find the right directory instead. Note that
* the bind-mounted app CE data directory will remain locked. It will be unlocked
* automatically if/when the user's CE storage is unlocked, since adding an encryption
* key takes effect on a whole filesystem instance including all its mounts.
*/
from sdmaid-se.
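Step (4) of the comment above finds a locked CE directory by inode number, because its filename is an unpredictable no-key name. The following is an added example of that lookup, not code from AOSP or sdmaid-se; the function names, the /tmp sample tree and the `nokey-*` directory names are constructed for illustration.

```c
/* Added example (not AOSP code): find a directory by inode number. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Scan `parent` for a directory with inode `want` on the same filesystem.
 * Writes its path to `out` and returns 0; returns -1 if absent or on error. */
int find_dir_by_inode(const char *parent, ino_t want, char *out, size_t outlen) {
    struct stat ps, st;
    struct dirent *e;
    char path[4096];
    int rc = -1;
    DIR *d = opendir(parent);
    if (!d) return -1;
    if (stat(parent, &ps) != 0) { closedir(d); return -1; }
    while (rc != 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        int n = snprintf(path, sizeof path, "%s/%s", parent, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || (size_t)n >= outlen) continue;
        /* Inode numbers are unique only per filesystem, so compare st_dev too. */
        if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode)) continue;
        if (st.st_ino == want && st.st_dev == ps.st_dev) { strcpy(out, path); rc = 0; }
    }
    closedir(d);
    return rc;
}

/* Constructed sample: two stand-in "no-key" dirs; look one up by its inode. */
int demo(char *found, size_t len) {
    char root[64], a[96], b[96];
    struct stat st;
    snprintf(root, sizeof root, "/tmp/ce0-%ld", (long)getpid());
    snprintf(a, sizeof a, "%s/nokey-AAAA", root);
    snprintf(b, sizeof b, "%s/nokey-BBBB", root);
    if (mkdir(root, 0700) || mkdir(a, 0700) || mkdir(b, 0700)) return -1;
    int rc = stat(b, &st) ? -1 : find_dir_by_inode(root, st.st_ino, found, len);
    rmdir(a); rmdir(b); rmdir(root);
    return rc;
}

int main(void) {
    char found[256];
    if (demo(found, sizeof found) == 0) printf("matched %s\n", found);
    return 0;
}
```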