From 9cfc404c2d038f96e8e92e3826df11cf1492e626 Mon Sep 17 00:00:00 2001
From: Oli Lan
Date: Fri, 3 Jan 2020 18:21:08 +0000
Subject: [PATCH 1/2] Change ownership of apex data directories to root.
The apex data directories must be accessed by apexd in order for it to perform snapshot and restore as part of the rollback process. As apexd runs as root, this CL changes the apex data directories under misc_[ce|de] to be owned by root.
Bug: 141148175
Test: Build and flash; check permissions are set correctly.
Change-Id: Icf2059cc9448364f834eef7892914a99883746a1
---
 vold_prepare_subdirs.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index 3a58b2e..c6cf687 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
@@ -138,7 +138,7 @@ static bool prepare_apex_subdirs(struct selabel_handle* sehandle, const std::str
 if (strchr(name, '@') != NULL) continue;
- if (!prepare_dir(sehandle, 0700, AID_SYSTEM, AID_SYSTEM, path + "/apexdata/" + name)) {
+ if (!prepare_dir(sehandle, 0770, AID_ROOT, AID_SYSTEM, path + "/apexdata/" + name)) {
 return false;
 }
 }
From e1b3f5cd2d01af4a433efda768cebaa44c2af8f2 Mon Sep 17 00:00:00 2001
From: Oli Lan
Date: Fri, 17 Jan 2020 11:01:38 +0000
Subject: [PATCH 2/2] Allow search permission on apex data directories.
This gives x permission to all on the parent apex data directory so that the data directories can be accessed by modules.
Bug: 147848983
Test: Build & flash, check permissions are correct
Change-Id: I1bbf480cbf9f9e758353237e333317516ad375ee
---
 vold_prepare_subdirs.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index c6cf687..d624d73 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
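Review bot: The added `prepare_dir` line in patch 1/2 gives the whole `system` group read, write and search on every per-module directory, where the old `0700, AID_SYSTEM, AID_SYSTEM` limited access to the system uid alone. The description only motivates root ownership for apexd, so the group widening deserves a comment on that line, for example `// root-owned so apexd can snapshot/restore; group system keeps rwx for existing users of this data`. prepare_dir is defined outside the hunk, so it is not visible whether directories already created as system:system 0700 are re-owned on an upgraded device; the Test line reads like a fresh flash only, and the upgrade case is worth checking. The body of prepare_apex_subdirs starts and ends outside the hunk.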
@@ -121,7 +121,7 @@ static bool rmrf_contents(const std::string& path) {
 }
 static bool prepare_apex_subdirs(struct selabel_handle* sehandle, const std::string& path) {
- if (!prepare_dir(sehandle, 0700, 0, 0, path + "/apexdata")) return false;
+ if (!prepare_dir(sehandle, 0711, 0, 0, path + "/apexdata")) return false;
 auto dirp = std::unique_ptr(opendir("/apex"), closedir);
 if (!dirp) {
@@ -138,7 +138,7 @@ static bool prepare_apex_subdirs(struct selabel_handle* sehandle, const std::str
 if (strchr(name, '@') != NULL) continue;
- if (!prepare_dir(sehandle, 0770, AID_ROOT, AID_SYSTEM, path + "/apexdata/" + name)) {
+ if (!prepare_dir(sehandle, 0771, AID_ROOT, AID_SYSTEM, path + "/apexdata/" + name)) {
 return false;
 }
 }
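Review bot: With `0711` on the parent `apexdata` directory every uid can traverse it, and withholding the read bit hides little, because the child names mirror the entries under `/apex` that the loop below reads. Protection of module data therefore rests on the per-module directory modes and, presumably, on the SELinux labels applied through `sehandle`. A comment on this line should say so, e.g. `// 0711: search-only for others; access is enforced on the per-module dirs and by SELinux`. The same line still passes literal `0, 0` for uid and gid while the second hunk uses `AID_ROOT`; `prepare_dir(sehandle, 0711, AID_ROOT, AID_ROOT, path + "/apexdata")` would read consistently. The function body continues outside the hunk.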
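Review bot: The second hunk also turns on the search bit for others on every per-module directory (`0771`), which the commit description does not mention; it speaks only of the parent directory. Together with the `0711` parent, any uid that knows a file name inside a module's directory can reach that path, so the files' own modes (and presumably SELinux policy) become the only barrier; nothing visible in this hunk enforces restrictive modes on the contents. I would add a comment such as `// 0771: others get search only; files created inside must not be world-readable` and extend the test to check the mode of the contents as well as of the directories. The enclosing loop starts before the hunk.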