summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author TreeHugger Robot <treehugger-gerrit@google.com> 2020-02-03 20:51:55 +0000
committer Android (Google) Code Review <android-gerrit@google.com> 2020-02-03 20:51:55 +0000
commit19fd3c80f5aa0acdf1396780113063defee624c4 (patch)
tree9dcd06d9020a4cbb25eaf73c2770aa6576284e3c
parent4784d2c05682f1ee94c32c13fb58b72ea2fe7e2f (diff)
parent36e16b2e947e73e95b903cdae4025af15dc988cb (diff)
Merge "Restrict access_mtp permission access to Android/"
Diffstat
-rw-r--r--services/core/java/com/android/server/StorageManagerService.java8
1 files changed, 6 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
index e17dde9a766e..a08bdb23dd22 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
@@ -3942,8 +3942,12 @@ class StorageManagerService extends IStorageManager.Stub
final boolean hasMtp = mIPackageManager.checkUidPermission(ACCESS_MTP, uid) ==
PERMISSION_GRANTED;
if (mIsFuseEnabled && hasMtp) {
- // The process hosting the MTP server should be able to write in Android/
- return Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE;
+ ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,
+ 0, UserHandle.getUserId(uid));
+ if (ai.isSignedWithPlatformKey()) {
+ // Platform processes hosting the MTP server should be able to write in Android/
+ return Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE;
+ }
}
// Determine if caller is holding runtime permission
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-21 10:25:19 +0000