/*
 * Re-mark the mount at "/" with MS_SLAVE | MS_REC, i.e. change the
 * propagation type of the root mount and every mount below it to "slave".
 * With slave propagation, mount events still arrive from the master side,
 * but mounts made on this side are not propagated back.
 * No filesystem is attached here: the source/type/data arguments are not
 * used for a propagation change.
 * NOTE(review): the enclosing function is not shown; the Kconfig help on
 * this page says this is done for every zygote instance — confirm against
 * the caller.
 */
if (mount("rootfs", "/", NULL, (MS_SLAVE | MS_REC), NULL) == -1) {
    /* Log the errno text and report failure to the caller. */
    SLOGE("Failed to mount() rootfs as MS_SLAVE: %s", strerror(errno));
    return -1;
}
--- kernel_orig/fs/namespace.c 2014-01-23 15:34:18.000000000 +1100
+++ kernel/fs/namespace.c 2014-04-11 15:18:22.258114000 +1100
@@ -2141,6 +2141,21 @@
 if (data_page)
 ((char *)data_page)[PAGE_SIZE - 1] = 0;
 
+#ifdef CONFIG_RESTRICT_ROOTFS_SLAVE
+ /* Check if this is an attempt to mark "/" as recursive-slave. */
+ if (strcmp(dir_name, "/") == 0 && flags == (MS_SLAVE | MS_REC)) {
+ static const char storage[] = "/storage";
+ long res;
+ /* Mark /storage as recursive-slave instead. */
+ if ((res = do_mount(NULL, (char *)storage, NULL, (MS_SLAVE | MS_REC), NULL)) == 0) {
+ return 0;
+ } else {
+ pr_warn("Failed to mount %s as MS_SLAVE: %ld\n", storage, res);
+ }
+ /* Fallback: Mark rootfs as recursive-slave as requested. */
+ }
+#endif
+
 /* ... and get the mountpoint */
 retval = kern_path(dir_name, LOOKUP_FOLLOW, &path);
 if (retval)
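Review bot: The added branch returns 0 after marking only /storage as recursive-slave, so a caller that asked for "/" to become recursive-slave is told the call succeeded while "/" keeps its previous propagation type. The match is on the path string and flags alone, so it applies to every caller of this mount request, not only zygote; any other program that relies on the call to keep its own mounts from propagating gets weaker isolation with no error. I would document that contract above the check, e.g. `/* NOTE: reports success although "/" itself is left unchanged; mounts made outside /storage can still propagate. */`, and consider narrowing the redirect to the intended caller. The exact test `flags == (MS_SLAVE | MS_REC)` also looks as if it skips the redirect whenever an extra flag bit is set, which is worth confirming as intended. The same hunk is repeated in the full patch further down the page, and do_mount's body starts and ends outside the hunk.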
# Create /storage owned by root:sdcard_r with mode 0050, i.e. only the group
# has read/execute permission.
mkdir /storage 0050 root sdcard_r
# Mount a tmpfs on /storage with the same mode and ownership.
# NOTE(review): gid=1028 presumably is the numeric id of sdcard_r — confirm
# against the platform's id table.
mount tmpfs tmpfs /storage mode=0050,uid=0,gid=1028
# Create the working directory and unpack the NDK and the vendor source drop.
# NOTE(review): where the vendor publishes checksums for these archives,
# verify them before unpacking.
mkdir ~/android
cd ~/android
tar xjf android-ndk-r9d-linux-x86_64.tar.bz2
unzip SM-T525_SEA_KK_Opensource.zip
# The kernel sources ship as Kernel.tar.gz inside the source drop; unpack them
# into their own directory.
mkdir kernel
cd kernel
tar xzf ../Kernel.tar.gz
--- kernel_orig/fs/namespace.c 2014-01-23 15:34:18.000000000 +1100
+++ kernel/fs/namespace.c 2014-04-11 15:18:22.258114000 +1100
@@ -2141,6 +2141,21 @@
 if (data_page)
 ((char *)data_page)[PAGE_SIZE - 1] = 0;
 
+#ifdef CONFIG_RESTRICT_ROOTFS_SLAVE
+ /* Check if this is an attempt to mark "/" as recursive-slave. */
+ if (strcmp(dir_name, "/") == 0 && flags == (MS_SLAVE | MS_REC)) {
+ static const char storage[] = "/storage";
+ long res;
+ /* Mark /storage as recursive-slave instead. */
+ if ((res = do_mount(NULL, (char *)storage, NULL, (MS_SLAVE | MS_REC), NULL)) == 0) {
+ return 0;
+ } else {
+ pr_warn("Failed to mount %s as MS_SLAVE: %ld\n", storage, res);
+ }
+ /* Fallback: Mark rootfs as recursive-slave as requested. */
+ }
+#endif
+
 /* ... and get the mountpoint */
 retval = kern_path(dir_name, LOOKUP_FOLLOW, &path);
 if (retval)
--- kernel_orig/fs/Kconfig 2014-01-23 15:34:17.000000000 +1100
+++ kernel/fs/Kconfig 2014-04-10 19:29:30.990114000 +1100
@@ -292,4 +292,29 @@
 source "fs/nls/Kconfig"
 source "fs/dlm/Kconfig"
 
+config RESTRICT_ROOTFS_SLAVE
+ bool "Android: Restrict rootfs slave mountspace to /storage"
+ help
+ Restrict slave mountspace so Dalvik apps can mount system-wide volumes
+
+ Android 4.2 implements multi-user storage using per-process mount
+ namespaces. Everything under "/" (the entire filesystem hierarchy) is
+ marked as a recursive-slave mountspace for all zygote instances. This is
+ done so that user-storage sandbox mounts under /storage/emulated are hidden
+ from other apps and users. Unfortunately this means that any Dalvik app
+ (actually, any program whose clone/fork ancestry includes a Dalvik zygote,
+ which is everything except services spawned directly from init) cannot
+ mount system-wide volumes.
+
+ This option restricts rootfs-slave calls to /storage (and
+ /mnt/shell/emulated) so that Dalvik apps can mount system-wide volumes
+ elsewhere (with appropriate permission, as in earlier versions of Android),
+ while retaining full multi-user storage compatibility. It is made
+ available as a kernel-based workaround for instances where libdvm can not
+ be modified.
+
+ This option requires that a tmpfs volume is mounted as /storage in
+ Android init.rc. If this volume is unavailable, then we fall back to the
+ previous behavior of marking the entire filesystem hierarchy as slave.
+
 endmenu
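Review bot: The help text says the option restricts rootfs-slave calls to /storage "(and /mnt/shell/emulated)", but the namespace.c change in this patch redirects only to the single path "/storage"; unless /mnt/shell/emulated is covered in some way not visible here, that parenthesis should be dropped or explained. The help also leaves out the trade-off that someone enabling the option needs to know: a request to make "/" recursive-slave then reports success without changing "/". I would add a sentence to the help such as `Note that "/" itself is left unchanged, so mounts made outside /storage can remain visible to other processes.`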
# Apply the patch from inside the kernel source directory; -p1 strips the
# leading "kernel/" / "kernel_orig/" component from the paths in the patch.
patch -p1 < shared_rootfs.patch
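# Point the kernel build at the NDK's ARM cross toolchain.
# $HOME is used instead of "~": a tilde inside double quotes is not expanded,
# so the variable would otherwise hold a literal "~" and only work where a
# later shell happens to expand it.
export CROSS_COMPILE="$HOME/android/android-ndk-r9d/toolchains/arm-linux-androideabi-4.6/prebuilt/linux-x86_64/bin/arm-linux-androideabi-"
export ARCH="arm"
# Start from a clean tree, then generate the configuration from the device,
# variant and SELinux defconfig fragments.
make mrproper
make VARIANT_DEFCONFIG=msm8974_sec_picassoeur_defconfig msm8974_sec_defconfig SELINUX_DEFCONFIG=selinux_defconfig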
# Extract only boot.img from the stock firmware archive.
tar xf T525XXUANB2_T525SERANA6_T525XXUANA7_HOME.tar.md5 boot.img
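# Unpack the boot-image tools under the ~/android working directory and split
# the stock boot.img into its parts.
# The directory name is spelled ~/android here: the misspelled paths would
# make both mkdir and cd fail, and the relative ../ paths below expect the
# archive and boot.img to sit in the parent of this directory.
mkdir ~/android/bootimg_tools
cd ~/android/bootimg_tools
unzip ../bootimg_tools_7.8.13.zip
./split_boot ../boot.img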
# NOTE(review): presumably these lines belong to init.rc inside the unpacked
# ramdisk — the surrounding text is not shown, confirm.
# Set the SELinux boolean "debugfs" to 0.
setsebool debugfs 0
# Switch SELinux to permissive mode: policy violations are no longer blocked.
# This removes mandatory access control enforcement for the whole device, so
# it is a significant reduction in protection, not a neutral build step.
setenforce 0
# Mount a tmpfs on /storage, mode 0050 (group read/execute only), uid 0,
# gid 1028. The Kconfig help on this page requires this mount in init.rc for
# the kernel workaround; without it the kernel falls back to marking "/".
mount tmpfs tmpfs /storage mode=0050,uid=0,gid=1028
# Repack the edited ramdisk directory into a compressed cpio archive and copy
# the archive into the kernel tree.
# NOTE(review): the repack step names ramdisk.cpio.gz while the copy reads
# boot/ramdisk.cpio.gz — confirm where repack_ramdisk writes its output.
./repack_ramdisk boot/ramdisk ramdisk.cpio.gz
cp boot/ramdisk.cpio.gz ~/android/kernel
# Build the device-tree image dt.img from the files under arch/arm/boot/,
# with a page size of 2048 and the in-tree dtc from scripts/dtc/.
cd ~/android/kernel
./tools/dtbTool -o dt.img -s 2048 -p ./scripts/dtc/ ./arch/arm/boot/
# Assemble boot.img from the built zImage, the repacked ramdisk and dt.img.
# NOTE(review): the command line, page size and offsets are the values given
# in the article, presumably taken from the stock image — confirm them against
# the output of the split step before flashing.
./tools/mkbootimg --kernel ./arch/arm/boot/zImage --ramdisk ramdisk.cpio.gz --cmdline 'console=null androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0x37 ehci-hcd.park=3' --base 0x00000000 --pagesize 2048 --ramdisk_offset 0x02000000 --tags_offset 0x01E00000 --dt dt.img -o boot.img
# Package boot.img as a ustar archive, append the md5sum output line to the
# archive file itself, and rename the result to .tar.md5.
# The MD5 trailer only detects accidental corruption of the archive; it does
# not authenticate the image or show who built it.
tar -H ustar -c boot.img > boot.tar
md5sum -t boot.tar >> boot.tar
mv boot.tar boot.tar.md5
# CIFS mount with the share passed as the device argument (//server/share).
mount -t cifs //pc/share /mnt
no longer works; the share to be mounted must be specified in the unc parameter, i.e. the previous command becomes:
# Same mount with the share passed through the unc= option; the device
# argument is the placeholder "none". Each backslash is doubled so that the
# shell passes \\pc\share to mount.
mount -t cifs -o unc=\\\\pc\\share none /mnt
# Authenticated variant: user name, password and sec=ntlmssp (NTLMSSP
# authentication) are passed as mount options. The credentials shown are the
# article's sample values.
# A password given on the command line ends up in shell history and can be
# visible in the process list while mount runs; use a dedicated low-privilege
# share account and avoid reusing a real login password here.
mount -t cifs -o unc=\\\\pc\\share,username=user,password=123,sec=ntlmssp none /data/media/0/cifs
Source: https://habr.com/ru/post/220309/