Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 5818c65aafcdef4feae6f57091e1083cd64247df^! / . / cmds / installd / InstalldNativeService.cpp
commit5818c65aafcdef4feae6f57091e1083cd64247df[log] [tgz]
authorEric Biggers <ebiggers@google.com>Wed Jun 14 00:53:20 2023 +0000
committerEric Biggers <ebiggers@google.com>Wed Jun 14 01:02:46 2023 +0000
treec9d361fdcfd07d55bc4b4ea04872b830042e0a08
parent2bde961aeb99fd5d1cac94f0d5eea2797949a271 [diff] [blame]
Remove write permission from file mode of top-level user dirs

https://r.android.com/2620458 and https://r.android.com/2617599 are
removing the write mode bit from the top-level user directories, in
order to make the DAC consistent with the SELinux policy.

This commit makes the corresponding change to
InstalldNativeService::tryMountDataMirror().  This method creates
/data_mirror/data_ce/$volume_uuid and bind-mounts /data/user onto it,
and similarly for several other directories.  It should not really need
to be changed, but the issue is that for adoptable storage it runs
multiple times, so the modes it uses to prepare the directories with
must match the modes of the corresponding bind-mounted directories.

Bug: 285239971
Test: sm set-virtual-disk true
      sm partition disk:7,392 private
      Verified no error message from tryMountDataMirror() in log
Change-Id: I17dfbe10909b34c2046a4d5b4ffd7764d5ae083b

diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
index 99f7669..e84428e 100644
--- a/cmds/installd/InstalldNativeService.cpp
+++ b/cmds/installd/InstalldNativeService.cpp

@@ -3574,22 +3574,22 @@
     std::lock_guard<std::recursive_mutex> lock(mMountsLock);
 
     std::string mirrorVolCePath(StringPrintf("%s/%s", kDataMirrorCePath, uuid_));
-    if (fs_prepare_dir(mirrorVolCePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) {
+    if (fs_prepare_dir(mirrorVolCePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) {
         return error("Failed to create CE data mirror");
     }
 
     std::string mirrorVolDePath(StringPrintf("%s/%s", kDataMirrorDePath, uuid_));
-    if (fs_prepare_dir(mirrorVolDePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) {
+    if (fs_prepare_dir(mirrorVolDePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) {
         return error("Failed to create DE data mirror");
     }
 
     std::string mirrorVolMiscCePath(StringPrintf("%s/%s", kMiscMirrorCePath, uuid_));
-    if (fs_prepare_dir(mirrorVolMiscCePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) {
+    if (fs_prepare_dir(mirrorVolMiscCePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) {
         return error("Failed to create CE misc mirror");
     }
 
     std::string mirrorVolMiscDePath(StringPrintf("%s/%s", kMiscMirrorDePath, uuid_));
-    if (fs_prepare_dir(mirrorVolMiscDePath.c_str(), 0711, AID_SYSTEM, AID_SYSTEM) != 0) {
+    if (fs_prepare_dir(mirrorVolMiscDePath.c_str(), 0511, AID_SYSTEM, AID_SYSTEM) != 0) {
         return error("Failed to create DE misc mirror");
     }