Multi-user external storage support.

Move FUSE daemon to secure mount point, and relax /storage access
now that sdcard_r is enforced using private bind mounts in zygote.

Bug: 6925012
Change-Id: I6c3b54e07a176408053749de6966b26c9f58bb5f
diff --git a/init.tuna.rc b/init.tuna.rc
index 41d35e4..bf91ed4 100755
--- a/init.tuna.rc
+++ b/init.tuna.rc
@@ -1,17 +1,21 @@
 import init.tuna.usb.rc
 
-on early-init
-	export EXTERNAL_STORAGE /storage/sdcard0
-	mkdir /storage 0050 system sdcard_r
-	mkdir /storage/sdcard0 0000 system system
-	# for backwards compatibility
-	symlink /storage/sdcard0 /sdcard
-	symlink /storage/sdcard0 /mnt/sdcard
+on init
+    mkdir /mnt/secure/sdcard0 0700 root root
+
+    export EXTERNAL_STORAGE /storage/sdcard0
+    mkdir /storage 0711 root root
+    mkdir /storage/sdcard0 0000 root root
+    symlink /storage/sdcard0 /sdcard
+    symlink /storage/sdcard0 /mnt/sdcard
+
+    # Save bugreports as owner
+    export BUGREPORT_WRITE_PATH /mnt/secure/sdcard0/0
+    export BUGREPORT_READ_PATH /storage/sdcard0
 
 on post-fs-data
-	# we will remap this as /storage/sdcard0 with the sdcard fuse tool
-	mkdir /data/media 0770 media_rw media_rw
-	chown media_rw media_rw /data/media
+    mkdir /data/media 0770 media_rw media_rw
+
 	mkdir /data/misc/wifi 0770 wifi wifi
 	mkdir /data/misc/wifi/sockets 0770 wifi wifi
 	mkdir /data/misc/dhcp 0770 dhcp dhcp
@@ -162,11 +166,9 @@
         group drmrpc
         oneshot
 
-# create virtual SD card at /storage/sdcard0, based on the /data/media directory
-# daemon will drop to user/group system/media_rw after initializing
-# underlying files in /data/media will be created with user and group media_rw (1023)
-service sdcard /system/bin/sdcard /data/media /storage/sdcard0 1023 1023
-	class late_start
+# virtual sdcard daemon running as media_rw (1023)
+service sdcard /system/bin/sdcard /data/media /mnt/secure/sdcard0 1023 1023
+    class late_start
 
 service p2p_supplicant /system/bin/wpa_supplicant \
 	-iwlan0 -Dnl80211 -c/data/misc/wifi/wpa_supplicant.conf -N \