diff options
| author | 2019-04-12 13:55:20 -0700 | |
|---|---|---|
| committer | 2019-04-12 16:38:10 -0700 | |
| commit | 783c90e9b47dd93d75bfbb09795fa72333bff842 (patch) | |
| tree | 80a1d09892a396326c98370eff66f16455418426 | |
| parent | d5bf01ca8b11a50ac99553fcf8f809fc2e52713a (diff) | |
Allow sandboxed apps to access only package specific dirs.
Bug: 130427780
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: Ie2d959c1cd8f44c48fb060c8ac5aa2d195298c8a
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 9 | ||||
| -rw-r--r-- | services/core/java/com/android/server/StorageManagerService.java | 5 |
2 files changed, 10 insertions, 4 deletions
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index f599913ce497..43ffb1f8ac57 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -877,8 +877,12 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, storage_source = "/mnt/runtime/default"; } else if (mount_mode == MOUNT_EXTERNAL_READ) { storage_source = "/mnt/runtime/read"; - } else if (mount_mode == MOUNT_EXTERNAL_WRITE) { + } else if (mount_mode == MOUNT_EXTERNAL_WRITE + || mount_mode == MOUNT_EXTERNAL_LEGACY + || mount_mode == MOUNT_EXTERNAL_INSTALLER) { storage_source = "/mnt/runtime/write"; + } else if (mount_mode == MOUNT_EXTERNAL_FULL) { + storage_source = "/mnt/runtime/full"; } else if (mount_mode == MOUNT_EXTERNAL_NONE && !force_mount_namespace) { // Sane default of no storage visible return; @@ -894,7 +898,8 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, return; } - if (GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) { + if (/* DISABLES CODE */ (false) + && GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) { if (mount_mode == MOUNT_EXTERNAL_FULL || mount_mode == MOUNT_EXTERNAL_LEGACY) { storage_source = (mount_mode == MOUNT_EXTERNAL_FULL) ? "/mnt/runtime/full" : "/mnt/runtime/write"; diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index da9cffa73585..2b4dc1c42dc9 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -1679,6 +1679,7 @@ class StorageManagerService extends IStorageManager.Stub ServiceManager.getService(Context.APP_OPS_SERVICE)); try { mIAppOpsService.startWatchingMode(OP_REQUEST_INSTALL_PACKAGES, null, mAppOpsCallback); + mIAppOpsService.startWatchingMode(OP_LEGACY_STORAGE, null, mAppOpsCallback); } catch (RemoteException e) { } @@ -3443,7 +3444,7 @@ class StorageManagerService extends IStorageManager.Stub } private String translateInternal(String path, int pid, int uid, boolean toSystem) { - if (!ENABLE_ISOLATED_STORAGE) return path; + if (true) return path; if (path.contains("/../")) { throw new SecurityException("Shady looking path " + path); @@ -3873,7 +3874,7 @@ class StorageManagerService extends IStorageManager.Stub if ((hasLegacy || requestedLegacy) && hasStorage) { return Zygote.MOUNT_EXTERNAL_LEGACY; } else { - return Zygote.MOUNT_EXTERNAL_WRITE; + return Zygote.MOUNT_EXTERNAL_DEFAULT; } } catch (RemoteException e) { // Should not happen |