tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Correct the permission of checkin dir

Browse source 
Gmscore runs in cache group, so set the own:group of the checkin
directory to system:cache to align with other use cases. Because we
want proper user separation when accessing the dir, also provide
user id to set the correct selinux mls_level.

Bug: 197636740
Test: check selinux label, make sure checkin can access the directory.
Change-Id: Id47a2a30a2f37c204ef72a81ac2aebe4ee3a37b0
This commit is contained in:
Tianjie 2021-10-15 20:32:42 -07:00
parent 45d04fb4a2
commit 62487c92ba
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
vold_prepare_subdirs.cpp
View file

@ -208,11 +208,15 @@ static bool prepare_subdirs(const std::string& volume_uuid, int user_id, int fla
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/vold")) return false;
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/storaged")) return false;
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/rollback")) return false;
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/checkin")) return false;
// TODO: Return false if this returns false once sure this should succeed.
prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/apexrollback");
prepare_apex_subdirs(sehandle, misc_ce_path);
// Give gmscore (who runs in cache group) access to the checkin directory. Also provide
// the user id to set the correct selinux mls_level.
if (!prepare_dir_for_user(sehandle, 0770, AID_SYSTEM, AID_CACHE,
misc_ce_path + "/checkin", user_id)) {
return false;
}
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
if (!prepare_dir(sehandle, 0700, AID_SYSTEM, AID_SYSTEM, system_ce_path + "/backup")) {