commit ea9681e4cdf30340b583dc27cb6c6474926ddaee
author Martijn Coenen <maco@google.com> Mon Feb 01 07:57:02 2021 +0000
committer Martijn Coenen <maco@google.com> Mon Feb 01 07:57:02 2021 +0000
tree bee7d6f5f29fd9787d26cd5a3c24aef0dcd80780
parent b276e80aec54c139587bbc510f503ced9414cf0f

Revert "Revert "Set a default ACL on /data/media/userId.""

This reverts commit b276e80aec54c139587bbc510f503ced9414cf0f.

Reason for revert: b/177926359 is now fixed

Change-Id: I8ec5d80a44fc9e491ab3430592e17d10a82f40ea

FsCrypt.cpp

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 8f6ba9c..be51963 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -74,6 +74,7 @@
 using android::vold::KeyGeneration;
 using android::vold::retrieveKey;
 using android::vold::retrieveOrGenerateKey;
+using android::vold::SetDefaultAcl;
 using android::vold::SetQuotaInherit;
 using android::vold::SetQuotaProjectId;
 using android::vold::writeStringToFile;
@@ -867,7 +868,15 @@
             if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
             if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false;
         }
-        if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
+        if (!prepare_dir(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
+        // On devices without sdcardfs (kernel 5.4+), the path permissions aren't fixed
+        // up automatically; therefore, use a default ACL, to ensure apps with MEDIA_RW
+        // can keep reading external storage; in particular, this allows app cloning
+        // scenarios to work correctly on such devices.
+        int ret = SetDefaultAcl(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW, {AID_MEDIA_RW});
+        if (ret != android::OK) {
+            return false;
+        }
 
         if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;