I’m currently working on the native part of Android using the 5.x AOSP release made by Intel for the Minnowboard MAX. During one of my activities I had the need to put a shell script inside a directory of the system root. Since most of the AOSP filesystem is mounted as read only, my question was:
How are directories and files permissions set in the AOSP filesystem?
Digging through AOSP documentation I found this page that pointed me to a very interesting file in the AOSP tree:
system/core/include/private/android_filesystem_config.h
Lot of things are inside this file:
- List of master users and groups, like
#define AID_ROOT 0 /* traditional unix root user */ #define AID_SYSTEM 1000 /* system server */ #define AID_RADIO 1001 /* telephony subsystem, RIL */ #define AID_CAMERA 1006 /* camera devices */
or the UIDs used for processes sandboxing (more details here)
#define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */ #define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */
- Rules for setting mode, uid and gid for the directories in the filesystem, e.g.
{ 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" },
{ 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
- Rules for setting mode, uid and gid for the files, e.g.
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" },
{ 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/bin/*" },
{ 00755, AID_ROOT, AID_ROOT, 0, "bin/*" },
Analyzing the entries in this file, one can easily choose where to put a file.
Going back to my original problem, the mode, uid and gid of the files in system/vendor/bin were appropriate to my needs, so that directory becomes the right place for my shell script.
According to the documentation there are some changes for Marshmallow, in order to simplify filesystem customization for device makers: as soon as I find a development board that supports Android M, I will take another look at this.