When creating external storage directories like /data/media/0, make sure
we set the quota project ID correctly, and enable project ID
inheritance. This ensures that all directories/files under this will be
created with the correct project ID and inheritance as well.
Bug: 146419093
Test: lsattr -p on /data/media
Change-Id: I32bfced0d67eb8c1865897b085324f00c55926a0
On devices without sdcardfs, application-specific directories have a
particular GID that ensure some privileged daemons (like installers) are
able to write to them. Android applications however run with a umask of 0077, which means that
any subdirectory they create within their app-specific directory has
mode 700, which in turn prevents things like DownloadManager from
working, since it can be asked to download into a subdir of the app's
private storage.
To prevent this from happening, set a default 770 ACL on the top-level
app-specific directory (eg, /data/media/0/Android/data/com.foo); the
effect of that default ACL is that all directories that are created
within these directories automatically get a 770 mask, regardless of the
umask that the process has.
Bug: 146419093
Test: atest FuseDaemonHostTest on cf_x86 (without sdcardfs)
Change-Id: I3178694e6d25ce3d04a0918ac66862f644635704
A regex allows us to be more specific in what kind of directories we
accept here, which in turn makes it easier to correctly create them.
Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Icb8911f6516eab81b9bbd567c7287be9f605e8b0
Start with FuseDaemonHostTest and AdoptableHostTest, since these heavily
rely on functionality implemented in FUSE to work correctly.
Bug: 149095627
Test: run atest in system/vold
Change-Id: Ia583505aae260584897b0ea80c419b0e34f04735
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.
Bug: 147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
I3a879089422c7fc449b6a3e6f1c4b386b86687a4 enforces some gids on the
Android/ dirs but left out Android/media. We now create it
Test: atest FuseDaemonHostTest#testListFilesFromExternalMediaDirectory
Bug: 149072341
Change-Id: I260c414906cd491a6bdd83522ff45f8663e15604
This allows setting the "inherit project ID" flags on directories; in
our case, we want to set this on the root of the lower filesystem, eg
"/data/media/0".
Bug: 146419093
Test: manual invocation works
Change-Id: Ic74588fd972d464e7021bef953da0e5aaafc4286
Use PrepareAppDirsFromRoot() to setup the quota project ID on
application-specific directories correctly. App directories use
AID_EXT_GID_START + their application ID offset, whereas cache
directories use AID_CACHE_GID_START. This is consistent with the GIDs
sdcardfs used to label these directories with.
Bug: 146419093
Test: verified project IDs with lsattr -p
Change-Id: Idca8a30d185012efb0d19ceb9b346b9a4de34f18
Normally sdcardfs takes care of setting up these directories on-demand,
for example when an app requests its private data directory to be
created. On devices without sdcardfs however, we ourselves need to make
sure to setup the UID/GID of these directories correctly.
Introduce a new PrepareAndroidDirs() function which sets the dirs up
correctly. On devices without sdcardfs, that means:
Path UID GID mode
/Android media_rw media_rw 771
/Android/data media_rw ext_data_rw 771
/Android/obb media_rw ext_obb_rw 771
Bug: 146419093
Test: wipe Android/, reboot, with and without sdcardfs, verify
contents
Change-Id: I3a879089422c7fc449b6a3e6f1c4b386b86687a4
Even though /mnt/pass_through itself is 700 root root, the paths under
it are quite permissive. Now, change them from 755 to 710 root
media_rw since the FUSE daemon is the only one that should access it
and it has media_rw gid
Test: manual
Bug: 135341433
Change-Id: I743c014f2c0273c68a1cead7f4331b55a3abcb4e
Version 2 of dm-default-key has an extra parameter and always sets the
DUN.
Bug: 147814592
Test: Cuttlefish boots with keydirectory flag
Test: Crosshatch formatted before this change boots after it
Change-Id: I59081e385324d2e34a5f252286a97938d6ffb79b
This allows the FUSE daemon (with media_rw) explicitly use /mnt/user
paths for redaction.
Test: atest FuseDaemonHostTest#testVfsCacheConsistency
Change-Id: If5b5f5aa6a0ce7c8e2fd300ff6146b345b25cf04
When we're asked to create an app directory, find the corresponding
volume, and use the raw path of that volume to create the directory.
This ensures this will continue working on devices that don't have
sdcardfs.
Bug: 146419093
Test: manual test on cuttlefish
Change-Id: I91d735c1adbcca171e5af73aca0abd7ef396d0b7
PublicVolumes are mounted on /mnt/media_rw/<volume>. Two categories of
apps need access to the mounts. Fortunately, they need access in
mutually exclusive scenarios.
1. The FUSE daemon needs access when serving content from app requests on
/storage/<volume>.
2. File managers (MANAGE_EXTERNAL_STORAGE permission) need access to
ureliable (USB OTG) volumes that are only available on the
/mnt/media_rw paths, i.e, they are not bind mounted into /storage
for apps.
Additionally, we want to ensure that file managers cannot access
/mnt/media_rw when there's a stacked FUSE volume on it. To do this,
we selectively change the mount gid of the /mnt/media_rw/<volume>
path:
-media_rw if it's a reliable volume, ie there's a stacked FUSE volume
-external_storage if it's an unreliable volume.
This ensures that file managers with their external_storage gid can
access unreliable volumes from /mnt/media_rw and cannot interfere with
the FUSE daemon when it's a reliable volume.
Test: adb shell sm set-force-adoptable [on|off] to set reliable or
unreliable volumes && mounting public volumes shows the correct
ACL on /mnt/media_rw/<volume>
Bug: 144914977
Change-Id: Iecf1a422d39e5137105b5a4946704858ce902a8a
am skip reason: Change-Id I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5 with SHA-1 9ad51adeb9 is in history
Change-Id: Ifb41d27fa4006229a70cf95cd979f39a0646c84f
