Merge "Revert "Change init sequence to support file level encryption"" into mnc-dev
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3353c64..7af2b77 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -639,7 +639,7 @@
oneshot
service gatekeeperd /system/bin/gatekeeperd /data/misc/gatekeeper
- class main
+ class late_start
user system
service installd /system/bin/installd
diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c
index 3cd5bc4..4b8e0c0 100644
--- a/sdcard/sdcard.c
+++ b/sdcard/sdcard.c
@@ -444,7 +444,16 @@
/* Legacy internal layout places users at top level */
node->perm = PERM_ROOT;
node->userid = strtoul(node->name, NULL, 10);
- node->gid = multiuser_get_uid(node->userid, fuse->gid);
+ if (fuse->gid == AID_SDCARD_RW) {
+ /* As an optimization, certain trusted system components only run
+ * as owner but operate across all users. Since we're now handing
+ * out the sdcard_rw GID only to trusted apps, we're okay relaxing
+ * the user boundary enforcement for the default view. The UIDs
+ * assigned to app directories are still multiuser aware. */
+ node->gid = fuse->gid;
+ } else {
+ node->gid = multiuser_get_uid(node->userid, fuse->gid);
+ }
node->mode = 0771;
break;
case PERM_ROOT:
@@ -1504,16 +1513,14 @@
{
struct fuse* fuse = handler->fuse;
for (;;) {
- ssize_t len = read(fuse->fd,
- handler->request_buffer, sizeof(handler->request_buffer));
+ ssize_t len = TEMP_FAILURE_RETRY(read(fuse->fd,
+ handler->request_buffer, sizeof(handler->request_buffer)));
if (len < 0) {
- if (errno != EINTR) {
- ERROR("[%d] handle_fuse_requests: errno=%d\n", handler->token, errno);
- }
if (errno == ENODEV) {
ERROR("[%d] someone stole our marbles!\n", handler->token);
exit(2);
}
+ ERROR("[%d] handle_fuse_requests: errno=%d\n", handler->token, errno);
continue;
}