Skip to content

Commit 5d32e77

Browse files
committed
Enforce READ_EXTERNAL on non-user builds.
Enable default enforcement of READ_EXTERNAL_STORAGE on non-user builds. Users can still explicitly enable enforcement in Settings. Bug: 6131916 Change-Id: I7dc66b624ad252ed2a2ad3647f3ea85dda7f8e82
1 parent 9492947 commit 5d32e77

File tree

4 files changed

+20
-47
lines changed

4 files changed

+20
-47
lines changed

core/java/android/content/pm/IPackageManager.aidl

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -373,6 +373,6 @@ interface IPackageManager {
373373
List<UserInfo> getUsers();
374374
UserInfo getUser(int userId);
375375

376-
void setPermissionEnforcement(String permission, int enforcement);
377-
int getPermissionEnforcement(String permission);
376+
void setPermissionEnforced(String permission, boolean enforced);
377+
boolean isPermissionEnforced(String permission);
378378
}

core/java/android/content/pm/PackageManager.java

Lines changed: 2 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@
2828
import android.content.res.XmlResourceParser;
2929
import android.graphics.drawable.Drawable;
3030
import android.net.Uri;
31+
import android.os.Build;
3132
import android.os.Environment;
3233
import android.util.AndroidException;
3334
import android.util.DisplayMetrics;
@@ -1091,21 +1092,7 @@ public NameNotFoundException(String name) {
10911092
= "android.content.pm.extra.VERIFICATION_INSTALL_FLAGS";
10921093

10931094
/** {@hide} */
1094-
public static final int ENFORCEMENT_DEFAULT = 0;
1095-
/** {@hide} */
1096-
public static final int ENFORCEMENT_YES = 1;
1097-
1098-
/** {@hide} */
1099-
public static String enforcementToString(int enforcement) {
1100-
switch (enforcement) {
1101-
case ENFORCEMENT_DEFAULT:
1102-
return "DEFAULT";
1103-
case ENFORCEMENT_YES:
1104-
return "YES";
1105-
default:
1106-
return Integer.toString(enforcement);
1107-
}
1108-
}
1095+
public static final boolean DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE = !"user".equals(Build.TYPE);
11091096

11101097
/**
11111098
* Retrieve overall information about an application package that is

services/java/com/android/server/pm/PackageManagerService.java

Lines changed: 9 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,6 @@
2020
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
2121
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER;
2222
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
23-
import static android.content.pm.PackageManager.ENFORCEMENT_DEFAULT;
24-
import static android.content.pm.PackageManager.ENFORCEMENT_YES;
2523
import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
2624
import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS;
2725
import static libcore.io.OsConstants.S_ISLNK;
@@ -9030,12 +9028,12 @@ public void updateUserName(int userId, String name) {
90309028
}
90319029

90329030
@Override
9033-
public void setPermissionEnforcement(String permission, int enforcement) {
9031+
public void setPermissionEnforced(String permission, boolean enforced) {
90349032
mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
90359033
if (READ_EXTERNAL_STORAGE.equals(permission)) {
90369034
synchronized (mPackages) {
9037-
if (mSettings.mReadExternalStorageEnforcement != enforcement) {
9038-
mSettings.mReadExternalStorageEnforcement = enforcement;
9035+
if (mSettings.mReadExternalStorageEnforced != enforced) {
9036+
mSettings.mReadExternalStorageEnforced = enforced;
90399037
mSettings.writeLPr();
90409038

90419039
// kill any non-foreground processes so we restart them and
@@ -9058,27 +9056,18 @@ public void setPermissionEnforcement(String permission, int enforcement) {
90589056
}
90599057

90609058
@Override
9061-
public int getPermissionEnforcement(String permission) {
9059+
public boolean isPermissionEnforced(String permission) {
90629060
mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
9063-
if (READ_EXTERNAL_STORAGE.equals(permission)) {
9064-
synchronized (mPackages) {
9065-
return mSettings.mReadExternalStorageEnforcement;
9066-
}
9067-
} else {
9068-
throw new IllegalArgumentException("No selective enforcement for " + permission);
9061+
synchronized (mPackages) {
9062+
return isPermissionEnforcedLocked(permission);
90699063
}
90709064
}
90719065

90729066
private boolean isPermissionEnforcedLocked(String permission) {
90739067
if (READ_EXTERNAL_STORAGE.equals(permission)) {
9074-
switch (mSettings.mReadExternalStorageEnforcement) {
9075-
case ENFORCEMENT_DEFAULT:
9076-
return false;
9077-
case ENFORCEMENT_YES:
9078-
return true;
9079-
}
9068+
return mSettings.mReadExternalStorageEnforced;
9069+
} else {
9070+
return true;
90809071
}
9081-
9082-
return true;
90839072
}
90849073
}

services/java/com/android/server/pm/Settings.java

Lines changed: 7 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,6 @@
2020
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
2121
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_USER;
2222
import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
23-
import static android.content.pm.PackageManager.ENFORCEMENT_DEFAULT;
2423
import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
2524

2625
import com.android.internal.util.FastXmlSerializer;
@@ -112,7 +111,7 @@ final class Settings {
112111
int mInternalSdkPlatform;
113112
int mExternalSdkPlatform;
114113

115-
int mReadExternalStorageEnforcement = ENFORCEMENT_DEFAULT;
114+
boolean mReadExternalStorageEnforced = PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE;
116115

117116
/** Device identity for the purpose of package verification. */
118117
private VerifierDeviceIdentity mVerifierDeviceIdentity;
@@ -1140,10 +1139,11 @@ void writeLPr() {
11401139
serializer.endTag(null, "verifier");
11411140
}
11421141

1143-
if (mReadExternalStorageEnforcement != ENFORCEMENT_DEFAULT) {
1142+
if (mReadExternalStorageEnforced
1143+
!= PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE) {
11441144
serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
11451145
serializer.attribute(
1146-
null, ATTR_ENFORCEMENT, Integer.toString(mReadExternalStorageEnforcement));
1146+
null, ATTR_ENFORCEMENT, mReadExternalStorageEnforced ? "1" : "0");
11471147
serializer.endTag(null, TAG_READ_EXTERNAL_STORAGE);
11481148
}
11491149

@@ -1548,10 +1548,7 @@ boolean readLPw(List<UserInfo> users) {
15481548
}
15491549
} else if (TAG_READ_EXTERNAL_STORAGE.equals(tagName)) {
15501550
final String enforcement = parser.getAttributeValue(null, ATTR_ENFORCEMENT);
1551-
try {
1552-
mReadExternalStorageEnforcement = Integer.parseInt(enforcement);
1553-
} catch (NumberFormatException e) {
1554-
}
1551+
mReadExternalStorageEnforced = "1".equals(enforcement);
15551552
} else {
15561553
Slog.w(PackageManagerService.TAG, "Unknown element under <packages>: "
15571554
+ parser.getName());
@@ -2560,8 +2557,8 @@ void dumpPermissionsLPr(PrintWriter pw, String packageName, DumpState dumpState)
25602557
pw.print(" perm="); pw.println(p.perm);
25612558
}
25622559
if (READ_EXTERNAL_STORAGE.equals(p.name)) {
2563-
pw.print(" enforcement=");
2564-
pw.println(PackageManager.enforcementToString(mReadExternalStorageEnforcement));
2560+
pw.print(" enforced=");
2561+
pw.println(mReadExternalStorageEnforced);
25652562
}
25662563
}
25672564
}

0 commit comments

Comments
 (0)