Commit 1fc3355e authored by Zim

Fix /mnt/user/<userid> permission bits

Vold sets permission bits for /mnt/user/<userid> when mounting a
volume, zygote was setting different (more relaxed) bits for that
folder. Now we set the same (more restrictive) bits.

It is important to set it here as well because apps may start before
the volume is mounted and they should always have the same
permission bits for /mnt/user/<userid>

Bug: 135341433
Test: atest -c android.appsecurity.cts.ExternalStorageHostTest#testSecondaryUsersInaccessible

Change-Id: I87af1b5e63601b38443715fced8b20693b9cf5e6
parent 9aa5a8db
+7 −1
@@ -746,7 +746,13 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode,
  const std::string pass_through_source = StringPrintf("/mnt/pass_through/%d", user_id);
  const std::string pass_through_source = StringPrintf("/mnt/pass_through/%d", user_id);
  bool isFuse = GetBoolProperty(kPropFuse, false);
  bool isFuse = GetBoolProperty(kPropFuse, false);


  PrepareDir(user_source, DEFAULT_DATA_DIR_PERMISSION, AID_ROOT, AID_ROOT, fail_fn);
  // Shell is neither AID_ROOT nor AID_EVERYBODY. Since it equally needs 'execute' access to
  // /mnt/user/0 to 'adb shell ls /sdcard' for instance, we set the uid bit of /mnt/user/0 to
  // AID_SHELL. This gives shell access along with apps running as group everybody (user 0 apps)
  // These bits should be consistent with what is set in vold in
  // Utils#MountUserFuse on FUSE volume mount
  PrepareDir(user_source, 0710, user_id ? AID_ROOT : AID_SHELL,
             multiuser_get_uid(user_id, AID_EVERYBODY), fail_fn);


  if (isFuse) {
  if (isFuse) {
    if (mount_mode == MOUNT_EXTERNAL_PASS_THROUGH || mount_mode ==
    if (mount_mode == MOUNT_EXTERNAL_PASS_THROUGH || mount_mode ==
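
Review bot: The mode 0710 and the owner/group pair in the new PrepareDir call are bare literals that, per the comment directly above them, have to stay identical to what vold sets in Utils#MountUserFuse, but nothing in this hunk enforces that. Since this change exists because the two sides had already diverged, consider moving the mode and the ownership rule into a shared named constant or helper used by both zygote and vold, so a later edit on one side cannot silently relax the bits again. The comment also says "uid bit", which reads like the setuid bit; "owner" would be clearer. It describes only /mnt/user/0, while the code gives every non-zero user_id AID_ROOT as owner, so shell gets no access to secondary users' directories; if that is intended, say so in the comment.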