No description
dfe0cbab3f
Changes the FUSE daemon to synthesize an Android-specific set of filesystem permissions, even when the underlying media storage is permissionless. This is designed to support several features: First, apps can access their own files in /Android/data/com.example/ without requiring any external storage permissions. This is enabled by allowing o+x on parent directories, and assigning the UID owner based on the directory name (package name). The mapping from package to appId is parsed from packages.list, which is updated when apps are added/removed. Changes are observed through inotify. It creates missing package name directories when requested and valid. Second, support for separate permissions for photos and audio/video content on the device through new GIDs which are assigned based on top-level directory names. Finally, support for multi-user separation on the same physical media through new /Android/user/ directory, which will be bind-mounted into place. It recursively applies the above rules to each secondary user. rwxrwx--x root:sdcard_rw / rwxrwx--- root:sdcard_pics /Pictures rwxrwx--- root:sdcard_av /Music rwxrwx--x root:sdcard_rw /Android rwxrwx--x root:sdcard_rw /Android/data rwxrwx--- u0_a12:sdcard_rw /Android/data/com.example rwxrwx--x root:sdcard_rw /Android/obb/ rwxrwx--- u0_a12:sdcard_rw /Android/obb/com.example rwxrwx--- root:sdcard_all /Android/user rwxrwx--x root:sdcard_rw /Android/user/10 rwxrwx--- u10_a12:sdcard_rw /Android/user/10/Android/data/com.example These derived permissions are disabled by default. Switched option parsing to getopt(). Change-Id: I21bf5d79d13f0f07a6a116122b16395f4f97505b |
||
|---|---|---|
| adb | ||
| charger | ||
| cpio | ||
| debuggerd | ||
| fastboot | ||
| fastbootd | ||
| fs_mgr | ||
| gpttool | ||
| healthd | ||
| include | ||
| init | ||
| libcorkscrew | ||
| libctest | ||
| libcutils | ||
| libdiskconfig | ||
| libion | ||
| liblinenoise | ||
| liblog | ||
| libmincrypt | ||
| libnetutils | ||
| libnl_2 | ||
| libpixelflinger | ||
| libsparse | ||
| libsuspend | ||
| libsync | ||
| libsysutils | ||
| libusbhost | ||
| libutils | ||
| libzipfile | ||
| logcat | ||
| logwrapper | ||
| mkbootimg | ||
| netcfg | ||
| reboot | ||
| rootdir | ||
| run-as | ||
| sdcard | ||
| sh | ||
| toolbox | ||
| .gitignore | ||
| Android.mk | ||
| CleanSpec.mk | ||
| MODULE_LICENSE_APACHE2 | ||
| NOTICE | ||
| README | ||
| ThirdPartyProject.prop | ||
The system/ directory is intended for pieces of the world that are the core of the embedded linux platform at the heart of Android. These essential bits are required for basic booting, operation, and debugging. They should not depend on libraries outside of system/... (some of them do currently -- they need to be updated or changed) and they should not be required for the simulator build. The license for all these pieces should be clean (Apache2, BSD, or MIT). Currently system/bluetooth/... and system/extra/... have some pieces with GPL/LGPL licensed code. Assorted Issues: - pppd depends on libutils for logging - pppd depends on libcrypt/libcrypto - init, linker, debuggerd, toolbox, usbd depend on libcutils - should probably rename bionic to libc