diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2021-03-02 19:03:54 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-03-02 19:03:54 +0000 |
| commit | ca3fbd1e4b7195ede5a460a3e7614e97967ef700 (patch) | |
| tree | a0cb90ce6364fb3e322eb38f0f49134431a81861 | |
| parent | b06061caceb3484c0062d8ea86a59c04dda43abe (diff) | |
| parent | f6546171afbab091cab7ac7d3230df829a146371 (diff) | |
| download | vold-ca3fbd1e4b7195ede5a460a3e7614e97967ef700.tar.gz | |
Merge "Set a default ACL on /data/media/userId." am: f6546171af
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1603534
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I13d1ee215c805b25d73e3d39508ea05cdc60b703
| -rw-r--r-- | FsCrypt.cpp | 11 | ||||
| -rw-r--r-- | Utils.cpp | 4 | ||||
| -rw-r--r-- | Utils.h | 3 |
3 files changed, 15 insertions, 3 deletions
diff --git a/FsCrypt.cpp b/FsCrypt.cpp index 82a2012c..a56d1960 100644 --- a/FsCrypt.cpp +++ b/FsCrypt.cpp @@ -74,6 +74,7 @@ using android::vold::KeyBuffer; using android::vold::KeyGeneration; using android::vold::retrieveKey; using android::vold::retrieveOrGenerateKey; +using android::vold::SetDefaultAcl; using android::vold::SetQuotaInherit; using android::vold::SetQuotaProjectId; using android::vold::writeStringToFile; @@ -854,7 +855,15 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false; if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false; } - if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false; + if (!prepare_dir(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW)) return false; + // On devices without sdcardfs (kernel 5.4+), the path permissions aren't fixed + // up automatically; therefore, use a default ACL, to ensure apps with MEDIA_RW + // can keep reading external storage; in particular, this allows app cloning + // scenarios to work correctly on such devices. + int ret = SetDefaultAcl(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW, {AID_MEDIA_RW}); + if (ret != android::OK) { + return false; + } if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false; @@ -136,8 +136,8 @@ status_t DestroyDeviceNode(const std::string& path) { } // Sets a default ACL on the directory. -int SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, - std::vector<gid_t> additionalGids) { +status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, + std::vector<gid_t> additionalGids) { if (IsSdcardfsUsed()) { // sdcardfs magically takes care of this return OK; @@ -51,6 +51,9 @@ std::string GetFuseMountPathForUser(userid_t user_id, const std::string& relativ status_t CreateDeviceNode(const std::string& path, dev_t dev); status_t DestroyDeviceNode(const std::string& path); +status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid, + std::vector<gid_t> additionalGids); + status_t AbortFuseConnections(); int SetQuotaInherit(const std::string& path); |