Comments (1)
/**
* Hide the CE and DE data directories of non-related apps.
*
* Without this, apps can detect if any app is installed by trying to "touch" the app's CE
* or DE data directory, e.g. /data/data/com.whatsapp. This fails with EACCES if the app
* is installed, or ENOENT if it's not. Traditional file permissions or SELinux can only
* block accessing those directories but can't fix fingerprinting like this.
*
* Instead, we hide non-related apps' data directories from the filesystem entirely by
* mounting tmpfs instances over their parent directories and bind-mounting in just the
* needed app data directories. This is done in a private mount namespace.
*
* Steps:
* (1) Collect a list of all related apps (apps with same uid and allowlisted apps) data info
* (package name, data stored volume uuid, and inode number of its CE data directory)
* (2) Mount tmpfs on /data/data and /data/user{,_de}, and on /mnt/expand/$volume/user{,_de}
* for all adoptable storage volumes. This hides all app data directories.
* (3) For each related app, create stubs for its data directories in the relevant tmpfs
* instances, then bind mount in the actual directories from /data_mirror. This works
* for both the CE and DE directories. DE storage is always unlocked, whereas the
* app's CE directory can be found via inode number if CE storage is locked.
*
* Example assuming user 0, app "com.android.foo", no shared uid, and no adoptable storage:
* (1) Info = ["com.android.foo", "null" (volume uuid "null"=default), "123456" (inode number)]
* (2) Mount tmpfs on /data/data, /data/user, and /data/user_de.
* (3) For DE storage, create a directory /data/user_de/0/com.android.foo and bind mount
* /data_mirror/data_de/0/com.android.foo onto it.
* (4) Do similar for CE storage. But if the device is in direct boot mode, then CE
* storage will be locked, so the app's CE data directory won't exist at the usual
* path /data_mirror/data_ce/0/com.android.foo. It will still exist in
* /data_mirror/data_ce/0, but its filename will be an unpredictable no-key name. In
* this case, we use the inode number to find the right directory instead. Note that
* the bind-mounted app CE data directory will remain locked. It will be unlocked
* automatically if/when the user's CE storage is unlocked, since adding an encryption
* key takes effect on a whole filesystem instance including all its mounts.
*/
from sdmaid-se.
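The inode lookup described in step (4) of the quoted comment, as an added C example (not code from the original post or from the Android source). The names `find_dir_by_inode` and `demo_lookup` are assumptions, and the scratch directory under /tmp with opaque directory names is constructed to stand in for a locked CE directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Find the subdirectory of `parent` whose inode number is `ino` and write its
 * path to `out`. Returns 0 on success, -1 with errno set (ENOENT: no match). */
int find_dir_by_inode(const char *parent, ino_t ino, char *out, size_t outlen) {
    DIR *d = opendir(parent);
    if (!d) return -1;
    int rc = -1, err = ENOENT;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* Compare st_ino from fstatat (no symlink following) and require a directory. */
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) continue;
        if (st.st_ino != ino || !S_ISDIR(st.st_mode)) continue;
        int n = snprintf(out, outlen, "%s/%s", parent, e->d_name);
        if (n < 0 || (size_t)n >= outlen) err = ENAMETOOLONG; else rc = 0;
        break;
    }
    closedir(d);
    if (rc != 0) errno = err;
    return rc;
}

/* Constructed scenario: two directories with opaque names, as in a locked CE
 * tree. Returns 1 if lookup by inode finds the right one and a bogus inode fails. */
int demo_lookup(void) {
    char root[] = "/tmp/ce_demo_XXXXXX", a[64], b[64], found[128];
    struct stat st;
    if (!mkdtemp(root)) return 0;
    snprintf(a, sizeof a, "%s/_Qx7hT2LkA", root);  /* constructed names */
    snprintf(b, sizeof b, "%s/_9fBzzP0cWd", root);
    if (mkdir(a, 0700) || mkdir(b, 0700) || stat(b, &st)) return 0;
    int ok = find_dir_by_inode(root, st.st_ino, found, sizeof found) == 0 && !strcmp(found, b);
    /* An inode number that matches nothing must fail with ENOENT, not pick a neighbour. */
    ok = ok && find_dir_by_inode(root, (ino_t)-1, found, sizeof found) == -1 && errno == ENOENT;
    rmdir(a); rmdir(b); rmdir(root);
    return ok;
}

int main(void) { return demo_lookup() ? 0 : 1; }
```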