Enforce FUSE restrictions based on target SDK
Allow apps targeting version Q or older to bypass FUSE file path access
restrictions only if they request legacy storage and have the right
storage permissions. The behaviour for legacy apps is as follows:
* Legacy app with no permissions at all can only access its external
storage dir
* Legacy app with permissions have an unrestrcited access to all of
external storage, including other apps' external dirs
This bypass option is added to the following ops:
* create
* open
* mkdir/rmdir
* opendir
* read (the redaction logic)
The behaviour for close remains unchanged: all files that were open for
write will be scanned after they are closed.
Add host test to ensure we always run FuseDaemonTest. If FUSE is not on,
the host test enables FUSE, reboots the device and then run the tests.
It also restores the original FUSE settings after the test.
Add test for legacy file path access.
This change does not take file manager or gallery apps into
consideration. Left a TODO in the code for that, which can be addressed
after b/137755945 is implemented.
Test: atest FuseDaemonHostTest
Test: atest --test-mapping # FUSE off
Bug: 144990065
Fixes: 145658757
Change-Id: I7fbb171397c5ad2444f2a51236269ab2695dc4c4
13 files changed