Fix for empty app-mounted directories (CifsManager, etc.) in Android 5.0?

[bseos]

Android 5.0 Lollipop breaks apps that mount file systems to be shared with other apps. This includes CifsManager, Mount Manager, essentially anything that mounts cifs shares, FUSE file sytems, etc. The symptom is that the mounted contents appear fine to app that peforms the mount operation (assuming the app itself provides the ability to browse the contents), but every other app only sees an empty directory at the mount point.

Will a fix be possible for Lollipop as it was for Android 4.2?

 

[bseos]

Fix as pointed out by user glimmling.

Firstly, ensure you have the ElementalX kernel flashed onto your nexus 5.

Cifs is definitily working on lollipop with my old Nexus 7. I use a patched kernel to make the mounts visible for all apps: http://forum.xda-developers.com/showpost.php?p=36908034&postcount=1

If your kernel doesn't have the patches, there is a second workaround with the SuperSU mount-master option: http://su.chainfire.eu/#how-mount

Important! Both approaches needs the SE Linux mode to be "permissive" to see the files in the mounts.

This example should work:

su
setenforce Permissive
su --mount-master -c busybox mount -o username=guest,rw,noperm,iocharset=utf8 -t cifs //192.168.178.23/cifsshare /data/media/0/mounts/cifsshare

If you can't be buggered typing out lengthy line 3 every time you mount you can use the patched version of Cifsmanager.v1.5a which uses prefixed mount command (su --mount-master -c) however it requires SuperSU and you still need SE Linux mode to be "permissive" to see the files in the mounts. So you can either do that manually in terminal:

su
setenforce Permissive

or download SELinux Mode Changer to switch for you (note: it's a bit buggy on switching)


After unmounting the share you should go back to Enforcing mode.

su
setenforce Enforcing

or just use SELinux Mode Changer to change back.

What is the difference between the SE for Android status: Enforcing, Permissive and Disabled?
Enforcing — SE for Android is enforcing the loaded policy. Your device is actively protected from security threats and malicious apps will be denied access.
Permissive — The SE for Android policy file is loaded, but your device is not enforcing it. If a malicious app tries to access a resource that it is not allowed to, the access will be logged but not prevented. This mode is intended for testing and debugging. It generates log files of denied app and allows Samsung to identify new app threats and update its policy files.
Disabled — The SE for Android infrastructure is not enabled, and there is no policy file loaded. Log files are not generated and your system is vulnerable to security threats.

 

[willpeters]

If you can't be buggered typing out lengthy line 3 every time you mount you can use the patched version of Cifsmanager.v1.5a which uses prefixed mount command (su --mount-master -c) however it requires SuperSU and you still need SE Linux mode to be "permissive" to see the files in the mounts.

If you want to leave SELinux enabled, you can use that patched version of Cifsmanager above and and label the directory in the Options,

context=u:object_r:rootfs:s0

The full options string i use

vers=2.1,domain=MYDOMAIN,rw,file_mode=0777,dir_mode=0777,context=u:object_r:rootfs:s0

This works for my Nexus 6, 5.0 & 5.1.

Note: the version 2.1, isn't always enabled in the kernel so you might have to remove vers=2.1.