| author | 2020-02-12 08:14:19 +0000 | |
|---|---|---|
| committer | 2020-02-12 08:14:19 +0000 | |
| commit | ca8106f200e7d64103d7409a80a7d1a32c2bdf89 (patch) | |
| tree | 07dedb68d06a134537fb7e7fd4014dea74ad0666 | |
| parent | 5f212d00102d07d7f5c4867d8ac7c4913ca3fbb3 (diff) | |
| parent | bc3a5111d1026f1a959df581da0d53c597041f59 (diff) | |
Merge "Give installers/DownloadManager/MTP correct GIDs."
| -rw-r--r-- | core/java/android/os/Process.java | 14 | ||||
| -rw-r--r-- | services/core/java/com/android/server/am/ProcessList.java | 12 |
2 files changed, 26 insertions, 0 deletions
diff --git a/core/java/android/os/Process.java b/core/java/android/os/Process.java
index 8d0946156044..dbe3b7bd1794 100644
--- a/core/java/android/os/Process.java
+++ b/core/java/android/os/Process.java
@@ -214,6 +214,20 @@ public class Process {
 */
 public static final int FSVERITY_CERT_UID = 1075;
+ /**
+ * GID that gives write access to app-private data directories on external
+ * storage (used on devices without sdcardfs only).
+ * @hide
+ */
+ public static final int EXT_DATA_RW_GID = 1078;
+
+ /**
+ * GID that gives write access to app-private OBB directories on external
+ * storage (used on devices without sdcardfs only).
+ * @hide
+ */
+ public static final int EXT_OBB_RW_GID = 1079;
+
 /** {@hide} */
 public static final int NOBODY_UID = 9999;
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index dcada89bb04a..abe0dd543deb 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -1577,7 +1577,19 @@ public final class ProcessList {
 // For DownloadProviders and MTP: To grant access to /sdcard/Android/
 // And a special case for the FUSE daemon since it runs an MTP server and should have
 // access to Android/
+ // Note that we must add in the user id, because sdcardfs synthesizes this permission
+ // based on the user
 gidList.add(UserHandle.getUid(UserHandle.getUserId(uid), Process.SDCARD_RW_GID));
+
+ // For devices without sdcardfs, these GIDs are needed instead; note that we
+ // consciously don't add the user_id in the GID, since these apps are anyway
+ // isolated to only their own user
+ gidList.add(Process.EXT_DATA_RW_GID);
+ gidList.add(Process.EXT_OBB_RW_GID);
+ }
+ if (mountExternal == Zygote.MOUNT_EXTERNAL_INSTALLER) {
+ // For devices without sdcardfs, this GID is needed to allow installers access to OBBs
+ gidList.add(Process.EXT_OBB_RW_GID);
 }
 if (mountExternal == Zygote.MOUNT_EXTERNAL_PASS_THROUGH) {
 // For the FUSE daemon: To grant access to the lower filesystem. |
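Review bot: The three `gidList.add(Process.EXT_*_RW_GID)` calls have no sdcardfs check in the visible lines, although their comments say the GIDs are needed only on devices without sdcardfs. As written, the DownloadProvider/MTP/FUSE-daemon branch and the `MOUNT_EXTERNAL_INSTALLER` branch would receive these groups on every device, unless a guard exists outside the hunk. Either gate the additions on whatever sdcardfs signal this class has access to, or document next to them why the grant is inert on sdcardfs devices. These GIDs are also not user-scoped, unlike the `SDCARD_RW_GID` line above, so the "isolated to only their own user" claim rests on isolation enforced elsewhere. A pointer such as `// Per-user isolation is enforced by <mechanism>; the GID alone does not separate users` would let a reviewer check that assumption. The enclosing method begins and ends outside this hunk.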