IOCipher writes all perms as uid+gid 0 in the sqlfs container
The followup to #266
Inside the virtual filesystem IOCipher writes all files with perms for root. What are the usability and security considerations of this?
Thoughts: Any permissions we impose in the VFS are entirely virtual (...), that is, any process that is able to get a handle on the database (and decrypt it if needed) will be able to write/read anything it desires. This is OK on Android, as IOCipher stores the sql database in its internal app storage. Does that make sense?
So, the question is, do we have a use case for granular permissions inside the VFS container? Is this something we should punt until a use case presents itself?