Allow shell to write to /sdcard/Android/data and /sdcard/Android/obb.
On devices without sdcardfs, these are only writable by the owning UID,
and/or the ext_data_rw/ext_obb_rw groups respectively.
Bug: 161134565
Bug: 162810387
Test: try to write to /sdcard/Android/data/ from shell uid
Change-Id: I19a9980bcff7b6fd0554dd2a4c8d59abe6ad540b
(cherry picked from commit 4da604ba4e99619e4318f2aee952cffbd6c25ace)
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 658e244..7a0f7ff 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -108,9 +108,12 @@
// AID_NET_BW_STATS to read out qtaguid statistics
// AID_READPROC for reading /proc entries across UID boundaries
// AID_UHID for using 'hid' command to read/write to /dev/uhid
+ // AID_EXT_DATA_RW for writing to /sdcard/Android/data (devices without sdcardfs)
+ // AID_EXT_OBB_RW for writing to /sdcard/Android/obb (devices without sdcardfs)
gid_t groups[] = {AID_ADB, AID_LOG, AID_INPUT, AID_INET,
AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
- AID_NET_BW_STATS, AID_READPROC, AID_UHID};
+ AID_NET_BW_STATS, AID_READPROC, AID_UHID, AID_EXT_DATA_RW,
+ AID_EXT_OBB_RW};
minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups);
// Don't listen on a port (default 5037) if running in secure mode.