From 25aabb9edeb9203e52758d307b8a94ec8c64d338 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Mon, 6 Jul 2015 09:46:08 -0700
Subject: [PATCH] Permission to view shared storage for all users.

Typical apps are restricted so they can only view shared storage
belonging to the user they're running as.  However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps.  Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: Id2fe846aefbf13fc050e9b00ddef120021e817f4
---
 sdcard/sdcard.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index 3cd5bc4c56..21986fccf6 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -444,7 +444,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent,
         /* Legacy internal layout places users at top level */
         node->perm = PERM_ROOT;
         node->userid = strtoul(node->name, NULL, 10);
-        node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        if (fuse->gid == AID_SDCARD_RW) {
+            /* As an optimization, certain trusted system components only run
+             * as owner but operate across all users. Since we're now handing
+             * out the sdcard_rw GID only to trusted apps, we're okay relaxing
+             * the user boundary enforcement for the default view. The UIDs
+             * assigned to app directories are still multiuser aware. */
+            node->gid = fuse->gid;
+        } else {
+            node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        }
         node->mode = 0771;
         break;
     case PERM_ROOT:
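Review bot: The new `fuse->gid == AID_SDCARD_RW` branch is an access-control relaxation, but its comment calls it "an optimization" and does not name the invariant it depends on. With `node->gid = fuse->gid` and the unchanged `node->mode = 0771`, any process holding the sdcard_rw GID gets group rwx on every user's top-level directory, which is wider than the "view" in the subject line. Whether deeper checks narrow this is not visible here, since derive_permissions_locked starts and ends outside the hunk. I would reword the comment to state the dependency, e.g. `/* SECURITY: relaxes the per-user boundary for holders of the sdcard_rw GID; safe only while that GID is granted solely via WRITE_MEDIA_STORAGE to trusted system components. */`. It would also help to confirm that this commit's companion change stops handing sdcard_rw to third-party apps on every supported upgrade path, because a stale GID grant would now cross users.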
-- 
GitLab