Merge "Flag APK permission changes" into main

commit: 36ce1e2a113dac4a7d534689512f07ac1878e65e [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Oct 31 13:46:52 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Oct 31 13:46:52 2023 +0000
tree: 7f0658c78461071cf849457a7c130b79f8b3cedb
parent: 76c3cb5e8e70ea1fd89c453e64100e9dc2ed67bf [diff]
parent: ab12736ba6c96f1bbbd77619b36fa56ef1697741 [diff]
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 40c5cae..d9d9cb9 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java

@@ -2019,11 +2019,10 @@
                         | OsConstants.S_IROTH
                         | OsConstants.S_IWOTH
                         | OsConstants.S_IXOTH;
-        int expectedPermissions =
-                OsConstants.S_IRUSR
-                        | OsConstants.S_IXUSR
-                        | OsConstants.S_IRGRP
-                        | OsConstants.S_IXGRP;
+        int expectedPermissions = OsConstants.S_IRUSR | OsConstants.S_IXUSR;
+        if (isFeatureEnabled(VirtualMachineManager.FEATURE_MULTI_TENANT)) {
+            expectedPermissions |= OsConstants.S_IRGRP | OsConstants.S_IXGRP;
+        }
         assertThat(testResults.mFileMode & allPermissionsMask).isEqualTo(expectedPermissions);
     }
 

diff --git a/zipfuse/src/inode.rs b/zipfuse/src/inode.rs
index 3175a30..1f74f64 100644
--- a/zipfuse/src/inode.rs
+++ b/zipfuse/src/inode.rs

@@ -31,11 +31,21 @@
 const INVALID: Inode = 0;
 const ROOT: Inode = 1;
 
-const DEFAULT_DIR_MODE: u32 = libc::S_IRUSR | libc::S_IXUSR | libc::S_IRGRP | libc::S_IXGRP;
+#[cfg(multi_tenant)]
+const READ_MODE: u32 = libc::S_IRUSR | libc::S_IRGRP;
+#[cfg(multi_tenant)]
+const EXECUTE_MODE: u32 = libc::S_IXUSR | libc::S_IXGRP;
+
+#[cfg(not(multi_tenant))]
+const READ_MODE: u32 = libc::S_IRUSR;
+#[cfg(not(multi_tenant))]
+const EXECUTE_MODE: u32 = libc::S_IXUSR;
+
+const DEFAULT_DIR_MODE: u32 = READ_MODE | EXECUTE_MODE;
 // b/264668376 some files in APK don't have unix permissions specified. Default to 400
 // otherwise those files won't be readable even by the owner.
-const DEFAULT_FILE_MODE: u32 = libc::S_IRUSR | libc::S_IRGRP;
-const EXECUTABLE_FILE_MODE: u32 = DEFAULT_FILE_MODE | libc::S_IXUSR | libc::S_IXGRP;
+const DEFAULT_FILE_MODE: u32 = READ_MODE;
+const EXECUTABLE_FILE_MODE: u32 = DEFAULT_FILE_MODE | EXECUTE_MODE;
 
 /// `InodeData` represents an inode which has metadata about a file or a directory
 #[derive(Debug)]
commit	36ce1e2a113dac4a7d534689512f07ac1878e65e	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Tue Oct 31 13:46:52 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Oct 31 13:46:52 2023 +0000
tree	7f0658c78461071cf849457a7c130b79f8b3cedb
parent	76c3cb5e8e70ea1fd89c453e64100e9dc2ed67bf [diff]
parent	ab12736ba6c96f1bbbd77619b36fa56ef1697741 [diff]