Organize external storage to enforce sdcard_r.

Create /storage/ to require that users have sdcard_r GID, and place
both emulated and real SD card mount points inside it.  Also reduce
visibility of /data/media.

Bug: 6131916
Change-Id: Ice272d404919a82536386bba299b83ad7b6ad056
diff --git a/init.herring.rc b/init.herring.rc
index 2409d45..345b8b6 100755
--- a/init.herring.rc
+++ b/init.herring.rc
@@ -44,9 +44,11 @@
     mount ext4 /dev/block/platform/s3c-sdhci.0/by-name/system /system wait ro
     mount ext4 /dev/block/platform/s3c-sdhci.0/by-name/userdata /data wait noatime nosuid nodev nomblk_io_submit
 
-    export EXTERNAL_STORAGE /mnt/sdcard
-    mkdir /mnt/sdcard 0000 system system
-    symlink /mnt/sdcard /sdcard
+    export EXTERNAL_STORAGE /storage/sdcard0
+    mkdir /storage 0550 system sdcard_r
+    mkdir /storage/sdcard0 0000 system system
+    symlink /storage/sdcard0 /sdcard
+    symlink /storage/sdcard0 /mnt/sdcard
 
 # permissions for bluetooth.
     chown bluetooth bluetooth /efs/bluetooth
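Review bot: The two new `mkdir` lines carry the access-control intent of this change, but nothing in the file records why `/storage` is `0550 system sdcard_r` while `/storage/sdcard0` is `0000 system system`. I would add a comment above them, for example `# /storage is searchable only by system and the sdcard_r GID; sdcard0 stays 0000 as a bare mount point until the card is mounted`, so that a later edit does not loosen the mode without noticing. The `/sdcard` and `/mnt/sdcard` symlinks resolve through `/storage`, so legacy paths should be gated by the same directory permission. It is worth confirming that whatever mounts the card (not visible in this hunk) now targets `/storage/sdcard0` and applies the intended gid and mask, because the directory mode is only the outer gate. The enclosing init section starts above the hunk.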