Only allow Download authority/MTP/installers to write in Android/.

Previously when FUSE was enabled, we gave all apps requesting
WRITE_MEDIA_STORAGE or install permissions a direct view
to the lower filesystem. This was way too broad for a few reasons:
1) WRITE_MEDIA_STORAGE will be deprecated; holding that permission by
itself shouldn't grant you any special privileges.
2) Installers should only be able to write OBBs.

The only other exceptions that are allowed to bypass scoped storage are
the process hosting the DownloadProvider and the process implementing
the MTP server; both of these have legit reasons for writing in
Android/. The way this is currently implemented is by giving these apps
the SDCARD_RW gid, which has write access in the default Android/
sdcardfs view.

Installers will be further scoped down to be only able to access OBB
in a follow-up CL.

Bug: 134706060
Bug: 146490513
Test: DownloadProvider can download
      Play + OBBs work
      Writing in Android/ through MTP works

Change-Id: Iff8681732d0c1124e24e5347f7dcb64b781c1e8c
7 files changed
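
One way to check the outcome this commit describes, namely that only the expected processes still hold the SDCARD_RW gid, is to read each process's group list from `/proc/<pid>/status`. This is an added example, not code from the commit; the process names, the allowlist and the status dumps are constructed, and 1015 is the numeric value of `sdcard_rw` in AOSP's `android_filesystem_config.h`.

```python
AID_SDCARD_RW = 1015  # sdcard_rw gid in AOSP's android_filesystem_config.h

# Assumption: placeholder names for the processes hosting DownloadProvider
# and the MTP server on the build being audited.
ALLOWED = {"example.downloadprovider.host", "example.mtp.server"}

# Constructed samples: process name (as read from /proc/<pid>/cmdline)
# mapped to the text of /proc/<pid>/status for that pid.
SAMPLES = {
    "example.downloadprovider.host":
        "Name:\tprovider.host\nUid:\t10051\t10051\t10051\t10051\n"
        "Gid:\t10051\t10051\t10051\t10051\nGroups:\t1015 3003 9997 20051\n",
    "example.mtp.server":
        "Name:\tmtp.server\nUid:\t10060\t10060\t10060\t10060\n"
        "Gid:\t10060\t10060\t10060\t10060\nGroups:\t1015 9997 20060\n",
    "com.example.filemanager":
        "Name:\tfilemanager\nUid:\t10122\t10122\t10122\t10122\n"
        "Gid:\t10122\t10122\t10122\t10122\nGroups:\t1015 3003 9997\n",
    # App gid 10150 contains the digits "1015" but is a different gid.
    "com.example.installer":
        "Name:\tinstaller\nUid:\t10150\t10150\t10150\t10150\n"
        "Gid:\t10150\t10150\t10150\t10150\nGroups:\t3003 9997 20150\n",
    # Kernel threads report an empty Groups line.
    "kworker/0:1":
        "Name:\tkworker/0:1\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t\n",
}

def gids_from_status(text):
    """Collect primary and supplementary gids from one status dump."""
    gids = set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in ("Gid", "Groups"):
            # Compare whole integers, never substrings of the line.
            gids.update(int(g) for g in value.split())
    return gids

def holders(samples):
    """Names of processes that hold the sdcard_rw gid, sorted."""
    return sorted(name for name, text in samples.items()
                  if AID_SDCARD_RW in gids_from_status(text))

def unexpected(samples, allowed):
    """Holders of the gid that are not on the allowlist."""
    return [name for name in holders(samples) if name not in allowed]

if __name__ == "__main__":
    for name in unexpected(SAMPLES, ALLOWED):
        print("unexpected sdcard_rw holder:", name)
```
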