On 08/02/2013 05:35 AM, Janosch Maier wrote:
> Some more followup for the /data/media issue is needed:
>
> The fuse labeling works, I think. The files in /sdcard or /mnt/sdcard
> look fine:
> drwxrwxr-x root sdcard_rw u:object_r:sdcard_internal:s0 Alarms
>
> But the files in /data/media/0 which is the original location of the
> files do not:
> drwxrwxr-x media_rw media_rw u:object_r:unlabeled:s0 Alarms
>
> The sdcard service addresses the mounting:
> # create virtual SD card at /mnt/sdcard, based on the /data/media directory
> # daemon will drop to user/group system/media_rw after initializing
> # underlying files in /data/media will be created with user and group media_rw (1023)
> service sdcard /system/bin/sdcard /data/media /mnt/shell/emulated 1023 1023
>     class late_start
>
> However, when working on the system, the access to the files is done via
> /data/media and will fail in enforcing mode.

On our devices, /data/media is labeled with system_data_file:

shell@manta/ # cd /data/media
shell@manta:/data/media # ls -Z
drwxrwx--- media_rw media_rw u:object_r:system_data_file:s0 0
drwxrwxr-x media_rw media_rw u:object_r:system_data_file:s0 legacy
drwxrwx--- media_rw media_rw u:object_r:system_data_file:s0 obb

While /data/media provides the underlying storage, I don't believe it
should be accessible in the same way as the fuse mount. Note that the
DAC ownerships and modes are different as well. Thus we don't want the
same type on it.

I think if you use the correct APIs for accessing external storage, then
you will go through the fuse mount interface and thus not have any
problems with permissions.
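
Added example, not part of the original thread and not SE Android project code: a small Python check that parses `ls -Z` lines in the format quoted above and reports entries whose type is `unlabeled` or differs from an expected type. The sample lines are copied from the two messages; the function names and the expected type passed per directory are assumptions for illustration.

```python
import re

# One line of Android toolbox `ls -Z`: mode, owner, group, context, name.
LS_Z = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<context>[^:\s]+:[^:\s]+:[^:\s]+:\S+)\s+(?P<name>.+)$"
)

def parse_ls_z(text):
    """Return one dict per listing line; prompts and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_Z.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        # Context is user:role:type:level; the level may itself contain ':'.
        entry["type"] = entry["context"].split(":", 3)[2]
        entries.append(entry)
    return entries

def audit(text, expected_type):
    """Return (name, type, reason) for entries that are unlabeled or mistyped."""
    findings = []
    for e in parse_ls_z(text):
        if e["type"] == "unlabeled":
            findings.append((e["name"], e["type"], "no valid SELinux label"))
        elif e["type"] != expected_type:
            findings.append((e["name"], e["type"], "expected " + expected_type))
    return findings

# Sample input: lines quoted in the thread above.
FUSE_VIEW = "drwxrwxr-x root sdcard_rw u:object_r:sdcard_internal:s0 Alarms"
BACKING_REPORTED = "drwxrwxr-x media_rw media_rw u:object_r:unlabeled:s0 Alarms"
BACKING_MANTA = """shell@manta:/data/media # ls -Z
drwxrwx--- media_rw media_rw u:object_r:system_data_file:s0 0
drwxrwxr-x media_rw media_rw u:object_r:system_data_file:s0 legacy
drwxrwx--- media_rw media_rw u:object_r:system_data_file:s0 obb
"""

if __name__ == "__main__":
    # Assumed expectations: sdcard_internal on the fuse view,
    # system_data_file on the backing store, as in the reply.
    for label, text, expected in [
        ("fuse view", FUSE_VIEW, "sdcard_internal"),
        ("/data/media/0 (reported)", BACKING_REPORTED, "system_data_file"),
        ("/data/media (manta)", BACKING_MANTA, "system_data_file"),
    ]:
        print(label, audit(text, expected) or "ok")
```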
