Merge "Respect MANAGE_EXTERNAL_STORAGE in checks for READ/WRITE_EXTERNAL_STORAGE" into rvc-dev am: 27d6605c52 am: 06a12085ab

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11797136 Change-Id: Idbb87c8c75877c722c049d73f6fe4e77ce050353
author: Nikita Ioffe <ioffe@google.com> 2020-06-16 10:38:34 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-16 10:38:34 +0000
commit: 454106d01a3d0d6ef8711a816ac7490b06ebb4c7 (patch)
tree: 4a19beb54e04c2338ca72509e84ce033c201dfee
parent: f5adbef7b6671f73e67e1e58c46e07ab23ab747d (diff)
parent: 06a12085ab3609946622d57374380665ec1e4626 (diff)
1 files changed, 26 insertions, 6 deletions
diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java
index e8806a03d00e..0abf8ae352af 100644
--- a/core/java/android/os/storage/StorageManager.java
+++ b/core/java/android/os/storage/StorageManager.java
@@ -16,9 +16,11 @@
 
 package android.os.storage;
 
+import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE;
 import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
 import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
 import static android.app.AppOpsManager.OP_LEGACY_STORAGE;
+import static android.app.AppOpsManager.OP_MANAGE_EXTERNAL_STORAGE;
 import static android.app.AppOpsManager.OP_READ_EXTERNAL_STORAGE;
 import static android.app.AppOpsManager.OP_READ_MEDIA_AUDIO;
 import static android.app.AppOpsManager.OP_READ_MEDIA_IMAGES;
@@ -1853,7 +1855,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionReadAudio(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1864,7 +1866,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionWriteAudio(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1875,7 +1877,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionReadVideo(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1886,7 +1888,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionWriteVideo(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1897,7 +1899,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionReadImages(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1908,7 +1910,7 @@ public class StorageManager {
     /** {@hide} */
     public boolean checkPermissionWriteImages(boolean enforce,
             int pid, int uid, String packageName, @Nullable String featureId) {
-        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
+        if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
                 WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
             return false;
         }
@@ -1916,6 +1918,24 @@ public class StorageManager {
                 OP_WRITE_MEDIA_IMAGES);
     }
 
+    private boolean checkExternalStoragePermissionAndAppOp(boolean enforce,
+            int pid, int uid, String packageName, @Nullable String featureId, String permission,
+            int op) {
+        // First check if app has MANAGE_EXTERNAL_STORAGE.
+        final int mode = mAppOps.noteOpNoThrow(OP_MANAGE_EXTERNAL_STORAGE, uid, packageName,
+                featureId, null);
+        if (mode == AppOpsManager.MODE_ALLOWED) {
+            return true;
+        }
+        if (mode == AppOpsManager.MODE_DEFAULT && mContext.checkPermission(
+                  MANAGE_EXTERNAL_STORAGE, pid, uid) == PERMISSION_GRANTED) {
+            return true;
+        }
+        // If app doesn't have MANAGE_EXTERNAL_STORAGE, then check if it has requested granular
+        // permission.
+        return checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId, permission, op);
+    }
+
     /** {@hide} */
     @VisibleForTesting
     public @NonNull ParcelFileDescriptor openProxyFileDescriptor(
author	Nikita Ioffe <ioffe@google.com>	2020-06-16 10:38:34 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-16 10:38:34 +0000
commit	454106d01a3d0d6ef8711a816ac7490b06ebb4c7 (patch)
tree	4a19beb54e04c2338ca72509e84ce033c201dfee
parent	f5adbef7b6671f73e67e1e58c46e07ab23ab747d (diff)
parent	06a12085ab3609946622d57374380665ec1e4626 (diff)