Enable improved user separation by default.

This is already on for all Pixel devices with no problems observed.

If this causes issues with a specific device (e.g. vendor apps being
unable to access their data) it can be temporarily disabled by adding

PRODUCT_PROPERTY_OVERRIDES += ro.vold.level_from_user=0

to the device.mk file. Please file a bug if that happens.

Bug: 141677108
Test: presubmits
Ignore-AOSP-First: Want to assess impact internally before CP to AOSP
Change-Id: Ic9da534f1a5f4c9e3bd62ea5c09a3b11ebcb33e7
This commit is contained in:
Alan Stokes 2020-11-19 16:56:52 +00:00
parent 9ce9cbeb21
commit 763393644a

View file

@ -795,7 +795,7 @@ bool fscrypt_lock_user_key(userid_t user_id) {
static bool prepare_subdirs(const std::string& action, const std::string& volume_uuid,
userid_t user_id, int flags) {
// TODO(b/141677108): Remove this & make it the default behavior
if (android::base::GetProperty("ro.vold.level_from_user", "0") == "1") {
if (android::base::GetProperty("ro.vold.level_from_user", "1") == "1") {
flags |= android::os::IVold::STORAGE_FLAG_LEVEL_FROM_USER;
}