Fix UID check in vold.

The CL fixes UID check in vold. Previously appfuse was mounted in application's namespace. For new public version, we mount appfuse in the system process then passes opened files to applications. Bug: 29970149 Test: CTS Change-Id: Icec2e626d31d978c514eb7d1954bb59ad9556c43
2016-12-02 17:00:35 +09:00 · 2016-12-02 17:00:35 +09:00 · 41514c19db
commit 41514c19db
parent 7ec25c715f
1 changed files with 3 additions and 2 deletions
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@ -703,8 +703,9 @@ static android::status_t runCommandInNamespace(const std::string& command,
            PLOG(ERROR) << "Failed to stat /proc/" << pid;
            return -errno;
        }
-        if (sb.st_uid != uid) {
-            LOG(ERROR) << "Mismatch UID expected=" << uid << ", actual=" << sb.st_uid;
+        if (sb.st_uid != AID_SYSTEM) {
+            LOG(ERROR) << "Only system can mount appfuse. UID expected=" << AID_SYSTEM
+                    << ", actual=" << sb.st_uid;
            return -EPERM;
        }
    }