Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / 5504901bf021742ad94a8a45cc3a7ec280e741f8^! / . / model / PublicVolume.cpp
commit5504901bf021742ad94a8a45cc3a7ec280e741f8[log] [tgz]
authorSudheer Shanka <sudheersai@google.com>Wed Jan 09 12:15:15 2019 -0800
committerSudheer Shanka <sudheersai@google.com>Fri Jan 18 18:48:55 2019 -0800
tree363427d055e3aebed09018403829bdce694a4a3f
parent811de623a0e74c439cf51926b7ddc8738ecab0d2 [diff] [blame]
Create a new MOUNT_EXTERNAL_LEGACY storage mode.

Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.

A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.

Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: Icc1ff9da35545692daedef7173d7c89290dd2766

diff --git a/model/PublicVolume.cpp b/model/PublicVolume.cpp
index cf18d73..e751eca 100644
--- a/model/PublicVolume.cpp
+++ b/model/PublicVolume.cpp

@@ -185,36 +185,16 @@
                 PLOG(ERROR) << "Failed to exec";
             }
         } else {
-            // In Pre-Q, apps have full read access to secondary storage devices but only
-            // write access for their package specific directories. In Q, they only have access
-            // to their own sandboxes and they can write anywhere inside the sandbox. Instead of
-            // updating sdcardfs to allow packages writing into their own sandboxes, we could
-            // just allow them to write anywhere by passing "-w".
             // clang-format off
-            if (GetBoolProperty(kIsolatedStorage, false)) {
-                if (execl(kFusePath, kFusePath,
-                        "-u", "1023", // AID_MEDIA_RW
-                        "-g", "1023", // AID_MEDIA_RW
-                        "-U", std::to_string(getMountUserId()).c_str(),
-                        "-w",
-                        mRawPath.c_str(),
-                        stableName.c_str(),
-                        NULL)) {
-                    // clang-format on
-                    PLOG(ERROR) << "Failed to exec";
-                }
-            } else {
-                // clang-format off
-                if (execl(kFusePath, kFusePath,
-                        "-u", "1023", // AID_MEDIA_RW
-                        "-g", "1023", // AID_MEDIA_RW
-                        "-U", std::to_string(getMountUserId()).c_str(),
-                        mRawPath.c_str(),
-                        stableName.c_str(),
-                        NULL)) {
-                    // clang-format on
-                    PLOG(ERROR) << "Failed to exec";
-                }
+            if (execl(kFusePath, kFusePath,
+                    "-u", "1023", // AID_MEDIA_RW
+                    "-g", "1023", // AID_MEDIA_RW
+                    "-U", std::to_string(getMountUserId()).c_str(),
+                    mRawPath.c_str(),
+                    stableName.c_str(),
+                    NULL)) {
+                // clang-format on
+                PLOG(ERROR) << "Failed to exec";
             }
         }