Enable improved user separation by default. This is already on for all Pixel devices with no problems observed. If this causes issues with a specific device (e.g. vendor apps being unable to access their data) it can be temporarily disabled by adding PRODUCT_PROPERTY_OVERRIDES += ro.vold.level_from_user=0 to the device.mk file. Please file a bug if that happens. Bug: 141677108 Test: presubmits Change-Id: Ic9da534f1a5f4c9e3bd62ea5c09a3b11ebcb33e7 Merged-In: Ic9da534f1a5f4c9e3bd62ea5c09a3b11ebcb33e7 (cherry picked from commit 763393644a0a6e361f26dfe26f6dc0021579f011)

commit: 1dafff79e1bb6ee36a05aeaf9485dd1ae2ada22e [log] [tgz]
author: Alan Stokes <alanstokes@google.com> Thu Dec 10 09:54:06 2020 +0000
committer: Alan Stokes <alanstokes@google.com> Thu Dec 10 09:54:06 2020 +0000
tree: 04b64481bd9e7b80ef29bebe66ee940433fcb639
parent: 12eb9de463bd9f205482b44473c8aa2f4a8f557e [diff] [blame]
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index ff8c1f4..8f6ba9c 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp

@@ -795,7 +795,7 @@
 static bool prepare_subdirs(const std::string& action, const std::string& volume_uuid,
                             userid_t user_id, int flags) {
     // TODO(b/141677108): Remove this & make it the default behavior
-    if (android::base::GetProperty("ro.vold.level_from_user", "0") == "1") {
+    if (android::base::GetProperty("ro.vold.level_from_user", "1") == "1") {
         flags |= android::os::IVold::STORAGE_FLAG_LEVEL_FROM_USER;
     }
commit	1dafff79e1bb6ee36a05aeaf9485dd1ae2ada22e	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Thu Dec 10 09:54:06 2020 +0000
committer	Alan Stokes <alanstokes@google.com>	Thu Dec 10 09:54:06 2020 +0000
tree	04b64481bd9e7b80ef29bebe66ee940433fcb639
parent	12eb9de463bd9f205482b44473c8aa2f4a8f557e [diff] [blame]