@ -601,22 +601,26 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
if (volume_uuid == nullptr) {
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
#if MANAGE_MISC_DIRS
if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
#endif
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
}
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (e4crypt_is_native()) {
std::string de_raw_ref;
if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
if (!ensure_policy(de_raw_ref, system_de_path)) return false;
if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
if (volume_uuid == nullptr) {
if (!ensure_policy(de_raw_ref, system_de_path)) return false;
if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
}
if (!ensure_policy(de_raw_ref, user_de_path)) return false;
}
}
@ -628,24 +632,28 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (volume_uuid == nullptr) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
}
if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (e4crypt_is_native()) {
std::string ce_raw_ref;
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
if (volume_uuid == nullptr) {
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
// Now that credentials have been installed, we can run restorecon
// over these paths
// NOTE: these paths need to be kept in sync with libselinux
android::vold::RestoreconRecursive(system_ce_path);
android::vold::RestoreconRecursive(misc_ce_path);
}
if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, user_ce_path)) return false;
// Now that credentials have been installed, we can run restorecon
// over these paths
// NOTE: these paths need to be kept in sync with libselinux
android::vold::RestoreconRecursive(system_ce_path);
android::vold::RestoreconRecursive(misc_ce_path);
}
}
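Review bot: In the second hunk, the two `android::vold::RestoreconRecursive(...)` calls that now sit inside the new `if (volume_uuid == nullptr)` block still discard their result, while every `prepare_dir` and `ensure_policy` step around them returns false on failure. If relabeling fails, `system_ce_path` and `misc_ce_path` keep whatever SELinux context they had and the function still reports success. Assuming RestoreconRecursive returns a status (its declaration is not visible here), check it, e.g. `if (android::vold::RestoreconRecursive(system_ce_path) != 0) return false;`, or at least log the failure. The four new `volume_uuid == nullptr` guards also deserve a one-line comment; on the visible lines `misc_de_path` is built from `user_id` alone, so something like `// system/misc dirs are not per-volume; prepare them only when no volume UUID is given` would record the intent, if that is the reason. The function's signature and opening lines are outside these hunks.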