Why 'system' user cannot access /sdcard, follow-up question


Ryan

Feb 7, 2010, 11:40:23 PM
to android-porting
I've seen the following explanation about why the system user is not
allowed to read/write the sdcard:

"The system user is not allowed to touch the SD card so that the
system does not get killed if the card is removed or unmounted."

I'm looking for some clarification on that statement. Does it mean
that the single process with UID system that is accessing the sdcard
will be killed, or all processes running with the UID system will be
killed? Better yet, can someone point me to the code that will be
doing said killing?

Dianne Hackborn

Feb 8, 2010, 12:02:52 AM
to arew...@gmail.com, android-porting
Processes that continue holding open fds on the sdcard a little after it is requested to be unmounted will be killed so that it can unmount.

We don't want the system process to be able to access the sdcard to avoid these kinds of issues (and just general security cleanliness), so that it does not have permission to access it.




--
Dianne Hackborn
Android framework engineer
hac...@android.com

Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails.  All such questions should be posted on public forums, where I and others can see and answer them.

Ryan

Feb 8, 2010, 12:47:51 PM
to android-porting
Are the processes with open fds notified via a sig before eventually
being killed? SIGTERM then SIGKILL? I'm dealing with some code that
pushes logs to the sdcard and I'd like to make sure it's able to
cleanly exit when requested to do so.

Also, can you point me to the code that handles the processes with
open fds before the unmount?


Ryan

Feb 8, 2010, 1:38:21 PM
to android-porting
Found the code and the answer to my question in case anyone else is
interested:

system/core/vold/volmgr.c

Processes are sent SIGTERM and then eventually SIGKILL if they don't
obey.

Dianne Hackborn

Feb 8, 2010, 3:20:55 PM
to arew...@gmail.com, android-porting
There is a broadcast sent when the media is being unmounted.



