Allow external_storage or media_rw gid access /mnt/media_rw
PublicVolumes are mounted on /mnt/media_rw/<volume>. Two categories of apps need access to the mounts. Fortunately, they need access in mutually exclusive scenarios.

1. The FUSE daemon needs access when serving content from app requests on /storage/<volume>.
2. File managers (MANAGE_EXTERNAL_STORAGE permission) need access to unreliable (USB OTG) volumes that are only available on the /mnt/media_rw paths, i.e., they are not bind mounted into /storage for apps.

Additionally, we want to ensure that file managers cannot access /mnt/media_rw when there's a stacked FUSE volume on it. To do this, we selectively change the mount gid of the /mnt/media_rw/<volume> path:
- media_rw if it's a reliable volume, i.e., there's a stacked FUSE volume
- external_storage if it's an unreliable volume.

This ensures that file managers with their external_storage gid can access unreliable volumes from /mnt/media_rw and cannot interfere with the FUSE daemon when it's a reliable volume.

Test: adb shell sm set-force-adoptable [on|off] to set reliable or unreliable volumes && mounting public volumes shows the correct ACL on /mnt/media_rw/<volume>
Bug: 144914977
Change-Id: Iecf1a422d39e5137105b5a4946704858ce902a8a
parent
bb972c0e0e
commit
c9a2be4e3f
1 changed files with 4 additions and 3 deletions
|
@ -141,13 +141,14 @@ status_t PublicVolume::doMount() {
|
|||
}
|
||||
|
||||
if (mFsType == "vfat") {
|
||||
if (vfat::Mount(mDevPath, mRawPath, false, false, false, AID_MEDIA_RW, AID_MEDIA_RW, 0007,
|
||||
true)) {
|
||||
if (vfat::Mount(mDevPath, mRawPath, false, false, false, AID_ROOT,
|
||||
(isVisible ? AID_MEDIA_RW : AID_EXTERNAL_STORAGE), 0007, true)) {
|
||||
PLOG(ERROR) << getId() << " failed to mount " << mDevPath;
|
||||
return -EIO;
|
||||
}
|
||||
} else if (mFsType == "exfat") {
|
||||
if (exfat::Mount(mDevPath, mRawPath, AID_MEDIA_RW, AID_MEDIA_RW, 0007)) {
|
||||
if (exfat::Mount(mDevPath, mRawPath, AID_ROOT,
|
||||
(isVisible ? AID_MEDIA_RW : AID_EXTERNAL_STORAGE), 0007)) {
|
||||
PLOG(ERROR) << getId() << " failed to mount " << mDevPath;
|
||||
return -EIO;
|
||||
}
|
||||
|
|
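Review bot: The gid selection `(isVisible ? AID_MEDIA_RW : AID_EXTERNAL_STORAGE)` is duplicated in the vfat and exfat branches and keys on `isVisible`, while the commit message defines the policy in terms of reliable volumes (those with a stacked FUSE volume). Nothing in the visible lines ties `isVisible` to that property, so please hoist the expression into one named local above the `if (mFsType == "vfat")` check with a comment stating why visibility is the right predicate. That keeps the two filesystems from drifting apart and makes the access-control decision auditable in one place. Both calls also change the mount uid from `AID_MEDIA_RW` to `AID_ROOT`, which the commit message does not mention. With the 0007 mask, access is granted only to the owner and the group, so after this change a process that holds uid media_rw without the matching gid no longer gets in. If that narrowing is intended, say so in the message or in a comment. The Test line covers only the vfat/exfat ACL as observed after mounting; it would help to state that a process with only the external_storage gid is denied on a reliable volume.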