Permission to view shared storage for all users.

Typical apps are restricted so they can only view shared storage
belonging to the user they're running as.  However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps.  Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: Id2fe846aefbf13fc050e9b00ddef120021e817f4

sdcard/sdcard.c

@@ -444,7 +444,16 @@ static void derive_permissions_locked(struct fuse* fuse, struct node *parent,
         /* Legacy internal layout places users at top level */
         node->perm = PERM_ROOT;
         node->userid = strtoul(node->name, NULL, 10);
-        node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        if (fuse->gid == AID_SDCARD_RW) {
+            /* As an optimization, certain trusted system components only run
+             * as owner but operate across all users. Since we're now handing
+             * out the sdcard_rw GID only to trusted apps, we're okay relaxing
+             * the user boundary enforcement for the default view. The UIDs
+             * assigned to app directories are still multiuser aware. */
+            node->gid = fuse->gid;
+        } else {
+            node->gid = multiuser_get_uid(node->userid, fuse->gid);
+        }
         node->mode = 0771;
         break;
     case PERM_ROOT: