diff options
| author | 2023-06-14 00:53:20 +0000 | |
|---|---|---|
| committer | 2023-06-14 01:02:46 +0000 | |
| commit | 5818c65aafcdef4feae6f57091e1083cd64247df (patch) | |
| tree | c9d361fdcfd07d55bc4b4ea04872b830042e0a08 | |
| parent | 2bde961aeb99fd5d1cac94f0d5eea2797949a271 (diff) | |
Remove write permission from file mode of top-level user dirs
https://r.android.com/2620458 and https://r.android.com/2617599 are
removing the write mode bit from the top-level user directories, in
order to make the DAC consistent with the SELinux policy.
This commit makes the corresponding change to
InstalldNativeService::tryMountDataMirror(). This method creates
/data_mirror/data_ce/$volume_uuid and bind-mounts /data/user onto it,
and similarly for several other directories. It should not really need
to be changed, but the issue is that for adoptable storage it runs
multiple times, so the modes it uses to prepare the directories with
must match the modes of the corresponding bind-mounted directories.
Bug: 285239971
Test: sm set-virtual-disk true
sm partition disk:7,392 private
Verified no error message from tryMountDataMirror() in log
Change-Id: I17dfbe10909b34c2046a4d5b4ffd7764d5ae083b
| -rw-r--r-- | cmds/installd/InstalldNativeService.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp index 99f7669a57..e84428ee41 100644 --- a/cmds/installd/InstalldNativeService.cpp +++ b/cmds/installd/InstalldNativeService.cpp @@ -3574,22 +3574,22 @@ binder::Status InstalldNativeService::tryMountDataMirror( std::lock_guard<std::recursive_mutex> lock(mMountsLock); std::string mirrorVolCePath(StringPrintf("%s/%s", kDataMirrorCePath, uuid_)); - if (fs_prepare_dir(mirrorVolCePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) { + if (fs_prepare_dir(mirrorVolCePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) { return error("Failed to create CE data mirror"); } std::string mirrorVolDePath(StringPrintf("%s/%s", kDataMirrorDePath, uuid_)); - if (fs_prepare_dir(mirrorVolDePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) { + if (fs_prepare_dir(mirrorVolDePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) { return error("Failed to create DE data mirror"); } std::string mirrorVolMiscCePath(StringPrintf("%s/%s", kMiscMirrorCePath, uuid_)); - if (fs_prepare_dir(mirrorVolMiscCePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) { + if (fs_prepare_dir(mirrorVolMiscCePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) { return error("Failed to create CE misc mirror"); } std::string mirrorVolMiscDePath(StringPrintf("%s/%s", kMiscMirrorDePath, uuid_)); - if (fs_prepare_dir(mirrorVolMiscDePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) { + if (fs_prepare_dir(mirrorVolMiscDePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) { return error("Failed to create DE misc mirror"); } |