Give installers/DownloadManager/MTP correct GIDs. (bc3a5111) · Commits · e / os / android_frameworks_base

core/java/android/os/Process.java

+14 −0

Original line number	Diff line number	Diff line
		@@ -214,6 +214,20 @@ public class Process {
		*/
		public static final int FSVERITY_CERT_UID = 1075;

		/**
		* GID that gives write access to app-private data directories on external
		* storage (used on devices without sdcardfs only).
		* @hide
		*/
		public static final int EXT_DATA_RW_GID = 1078;

		/**
		* GID that gives write access to app-private OBB directories on external
		* storage (used on devices without sdcardfs only).
		* @hide
		*/
		public static final int EXT_OBB_RW_GID = 1079;

		/** {@hide} */
		public static final int NOBODY_UID = 9999;

+12 −0

Original line number	Diff line number	Diff line
		@@ -1577,7 +1577,19 @@ public final class ProcessList {
		// For DownloadProviders and MTP: To grant access to /sdcard/Android/
		// And a special case for the FUSE daemon since it runs an MTP server and should have
		// access to Android/
		// Note that we must add in the user id, because sdcardfs synthesizes this permission
		// based on the user
		gidList.add(UserHandle.getUid(UserHandle.getUserId(uid), Process.SDCARD_RW_GID));

		// For devices without sdcardfs, these GIDs are needed instead; note that we
		// consciously don't add the user_id in the GID, since these apps are anyway
		// isolated to only their own user
		gidList.add(Process.EXT_DATA_RW_GID);
		gidList.add(Process.EXT_OBB_RW_GID);
		}
		if (mountExternal == Zygote.MOUNT_EXTERNAL_INSTALLER) {
		// For devices without sdcardfs, this GID is needed to allow installers access to OBBs
		gidList.add(Process.EXT_OBB_RW_GID);
		}
		if (mountExternal == Zygote.MOUNT_EXTERNAL_PASS_THROUGH) {
		// For the FUSE daemon: To grant access to the lower filesystem.