commit 0fc53272612e4ce406680e04acebf8876432c1a5
author Martijn Coenen <maco@google.com> Wed Dec 23 08:51:25 2020 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Wed Dec 23 08:51:25 2020 +0000
tree 957e846bb8dfc8f1a0d2674aad7c4cd31e6d7d7a
parent 76e648d54afaae8624f3d76526a6efe4799aa1b6
parent ad7b13816109cb283a1ff806e00cfb3992a46784

Merge "Set a default ACL on /data/media/userId." am: c5c3cdee24 am: ad7b138161

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1530814

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I9d464a65e45e9250dbf161e0d35a991b99a86c3a

FsCrypt.cpp

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 8f6ba9c..6471231 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -74,6 +74,7 @@
 using android::vold::KeyGeneration;
 using android::vold::retrieveKey;
 using android::vold::retrieveOrGenerateKey;
+using android::vold::SetDefaultAcl;
 using android::vold::SetQuotaInherit;
 using android::vold::SetQuotaProjectId;
 using android::vold::writeStringToFile;
@@ -868,6 +869,14 @@
             if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false;
         }
         if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
+        // On devices without sdcardfs (kernel 5.4+), the path permissions aren't fixed
+        // up automatically; therefore, use a default ACL, to ensure apps with MEDIA_RW
+        // can keep reading external storage; in particular, this allows app cloning
+        // scenarios to work correctly on such devices.
+        int ret = SetDefaultAcl(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW, {AID_MEDIA_RW});
+        if (ret != android::OK) {
+            return false;
+        }
 
         if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
 

Utils.cpp

diff --git a/Utils.cpp b/Utils.cpp
index d5648f7..98797b2 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -136,8 +136,8 @@
 }
 
 // Sets a default ACL on the directory.
-int SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid,
-                  std::vector<gid_t> additionalGids) {
+status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid,
+                       std::vector<gid_t> additionalGids) {
     if (IsSdcardfsUsed()) {
         // sdcardfs magically takes care of this
         return OK;

Utils.h

diff --git a/Utils.h b/Utils.h
index cf3fd9b..8975adc 100644
--- a/Utils.h
+++ b/Utils.h
@@ -52,6 +52,9 @@
 status_t CreateDeviceNode(const std::string& path, dev_t dev);
 status_t DestroyDeviceNode(const std::string& path);
 
+status_t SetDefaultAcl(const std::string& path, mode_t mode, uid_t uid, gid_t gid,
+                       std::vector<gid_t> additionalGids);
+
 status_t AbortFuseConnections();
 
 int SetQuotaInherit(const std::string& path);