Zygote: remount /system nosuid/nodev

Android no longer has any setuid / setgid programs accessible
to zygote. Make sure /system is remounted nosuid and nodev
for zygote spawned processes.

We use mount namespaces to make sure these changes are
only visible to zygote spawned processes. We continue to need
/system mounted with suid to support /system/bin/run-as.
See also: b/8253345

Change-Id: Ib58a8d56b42e4b022b6b4e51932f0a415298c920
1 file changed