What is the "u#_everybody" UID?

by humanityANDpeace   Last Updated June 25, 2019 08:11 AM - source

In (multi-user) Android there are UIDs like these:

  • u0_everybody
  • u10_everybody
  • u11_everybody

Those seem different to the usual uXX_aYY UIDs used for the applications. What is their purpose? Is this a way to make files available to all applications (share between applications of a user account)?

Answers 1

Android reserves UIDs / GIDs ranging from 10000 to 19999 for apps. AID_EVERYBODY is one of the special groups, which is used to control app's read / write ability to external storage (/sdcard). This group has GID 9997 for device owner. If there are profiles or multiple users, GID takes form XX09997, where XX is UserID. So u11_everybody resolves to UID 1109997 and u11_a500 to 1110500.

Starting with Android 6, every app has it's own view of /sdcard, which is controlled by exposing /data/media/[UserID] with different permissions. This is achieved by making use of an emulated filesystem (previously FUSE, now sdcardfs) and mount namespaces. For device owner i.e. UserId 0, /sdcard appears with following three VIEWs of permission sets:

  1. For processes running in root mount namespace such as init, netd, vold etc., permissions appear as 0.1015, 0751.
  2. For processes having android.permission.READ_EXTERNAL_STORAGE, permissions appear as 0.9997, 0750.
  3. For processes having android.permission.WRITE_EXTERNAL_STORAGE, permissions appear as 0.9997, 0770.

Considering three distinct VIEWs, we come with four situations:

  1. Processes running with root privileges i.e. UID 0 have always R/W access to /sdcard. However if a non-privileged process running in root mount namespace wants R/W access to /sdcard, that would be controlled by group AID_SDCARD_RW (GID 1015). An example is ADB daemon which runs with UID / GID 2000 but 1015 in its supplementarry groups.

Since every app runs with its unique UID in a separate mount namespace:

  1. Apps without READ/WRITE_EXTERNAL_STORAGE permissions won't be able to read or write to /sdcard, but with one exception. Let's take example of app com.xyz with UID 10500. Apart from internal data directory /data/data/com/xyz, app has a Private Storage directory /sdcard/Android/data/com.xyz with owner UID 10500. So this directory is always readable / writable by the app.
    Please not that /sdcard/Android/data is traversable for all apps, but no R/W access.

Since every app is a member of everybody (9997) group:

  1. Apps with READ_EXTERNAL_STORAGE permission will be able to read the /sdcard in addition to previous permission.
  2. Apps with WRITE_EXTERNAL_STORAGE permission will be able to write to /sdcard in addition to previous two permissions. So the app has full R/W access to shared / external Public Storage including other apps' Private Storage.

In the same way it works for other user accounts / profiles.

Opaque Binary Blobs: (OBB)

Some apps need additional storage to save large files which can't be included in .apk file due to 100MB maximum size limit. There are two possible obb locations where these files are saved: /data/media/obb/ and /sdcard/Android/obb/. The former was introduced before multi-users concept, so it's only available to device owner. Later is available to apps in multi-user accounts / profiles as well.
Access to former is controlled the same way as to /sdcard, while later is always accessible by an app as is the private external storage.


Irfan Latif
Irfan Latif
April 09, 2019 17:24 PM

Related Questions

Can't create new folders on SD card?

Updated August 27, 2018 19:11 PM