Correct the permission of checkin dir
Gmscore runs in cache group, so set the own:group of the checkin
directory to system:cache to align with other use cases. Because we
want proper user separation when accessing the dir, also provide
user id to set the correct selinux mls_level.
Bug: 197636740
Test: check selinux label, make sure checkin can access the directory.
Change-Id: Id47a2a30a2f37c204ef72a81ac2aebe4ee3a37b0
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index ad4fa99..862191c 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
@@ -208,11 +208,15 @@
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/vold")) return false;
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/storaged")) return false;
if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/rollback")) return false;
- if (!prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/checkin")) return false;
-
// TODO: Return false if this returns false once sure this should succeed.
prepare_dir(sehandle, 0700, 0, 0, misc_ce_path + "/apexrollback");
prepare_apex_subdirs(sehandle, misc_ce_path);
+ // Give gmscore (who runs in cache group) access to the checkin directory. Also provide
+ // the user id to set the correct selinux mls_level.
+ if (!prepare_dir_for_user(sehandle, 0770, AID_SYSTEM, AID_CACHE,
+ misc_ce_path + "/checkin", user_id)) {
+ return false;
+ }
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
if (!prepare_dir(sehandle, 0700, AID_SYSTEM, AID_SYSTEM, system_ce_path + "/backup")) {