The UID/GID of a shared filesystem cannot be changed on the guest side after creation with "chown", either via command line or through API calls.
Due to way the FUSE message protocol works, there is no way to know the UID/GID of the guest (Linux/Android) user that has issued the open command for file creation. Files are always created with the UID/GID of the "passthrough" daemon, which is root by default. As a result, the guest can only access/manipulate the shared filesystem as root.
There is currently one viable solution to this issue, i.e. using security policies:
If the system is making use of security policies, a security policy type can be made to have the procmgr chroot ability. It can then be launched like so:
on -u UID:GID -T default_root_t -A nonroot,allow,inherit,chroot /usr/bin/fuse_launcher
The qvm process can then be launched like so:
on -T default_root_t <qvm>
Using the above logic, multiple instances of fuse_launcher can be launched for each shared filesystem the user would like to create each with a different UID/GID. Unfortunately, if more than one directory is to be shared, then multiple instances of fuse_launcher are needed.
