[incfs] Add support of special procfs link paths
vold needs to verify the paths it uses for incfs mounts,
and the only secure way as of now is to open each path
in vold and pass a special /proc/self/fd/<id> link further
This ensures the path remains untouched during the operation,
and no timing attack is possible between verification and
the mounting
Unfortunately, there's plenty of places where these paths
differ in behavior from normal:
- mountinfo doesn't resolve the symlink path and keeps
returning it for the bakcing dir
- after mounting fd keeps pointing to the original empty
directory, and not to the new incfs instance
- some operations fail on these paths with EPERM
This CL adds support for such paths to all mounting operations
Bug: 198657657
Test: manual
Change-Id: I1b703ba7750302fc808299bfaa67293a2bfa4784
Merged-In: I1b703ba7750302fc808299bfaa67293a2bfa4784
4 files changed