am 3368f167: am 9cb6e501: Ignore change "Set SO_PASSCRED on the uevent socket." in favor of change in internal tree.

* commit '3368f167578fcd2ef024e6d8da723f349089fa7c':
  Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)
diff --git a/Volume.cpp b/Volume.cpp
index d67a6c4..ce41455 100644
--- a/Volume.cpp
+++ b/Volume.cpp
@@ -33,6 +33,8 @@
 
 #include <diskconfig/diskconfig.h>
 
+#include <private/android_filesystem_config.h>
+
 #define LOG_TAG "Vold"
 
 #include <cutils/log.h>
@@ -280,6 +282,8 @@
     dev_t deviceNodes[4];
     int n, i, rc = 0;
     char errmsg[255];
+    const char* externalStorage = getenv("EXTERNAL_STORAGE");
+    bool primaryStorage = externalStorage && !strcmp(getMountpoint(), externalStorage);
 
     if (getState() == Volume::State_NoMedia) {
         snprintf(errmsg, sizeof(errmsg),
@@ -336,8 +340,18 @@
          * muck with it before exposing it to non priviledged users.
          */
         errno = 0;
+        int gid;
+
+        if (primaryStorage) {
+            // Special case the primary SD card.
+            // For this we grant write access to the SDCARD_RW group.
+            gid = AID_SDCARD_RW;
+        } else {
+            // For secondary external storage we keep things locked up.
+            gid = AID_MEDIA_RW;
+        }
         if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false,
-                1000, 1015, 0702, true)) {
+                AID_SYSTEM, gid, 0702, true)) {
             SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno));
             continue;
         }
@@ -346,7 +360,8 @@
 
         protectFromAutorunStupidity();
 
-        if (createBindMounts()) {
+        // only create android_secure on primary storage
+        if (primaryStorage && createBindMounts()) {
             SLOGE("Failed to create bindmounts (%s)", strerror(errno));
             umount("/mnt/secure/staging");
             setState(Volume::State_Idle);