diff options
| author | 2020-01-24 01:03:09 +0000 | |
|---|---|---|
| committer | 2020-01-29 21:50:47 +0000 | |
| commit | 87eacab57a9544f7b824da7e87ace2655e020d12 (patch) | |
| tree | 23a5fddee96ae2b065a3c2f7d0878f228a9aec3e | |
| parent | abaa9043481989722781394103a267ee213cf69c (diff) | |
Grant apps with WRITE_MEDIA_STORAGE legacy storage appop
An app can now have legacy storage access in 3 mutually exclusive
ways:
1. Targeting < Q
2. Targeting <=Q and explicitly requesting legacy access
3. Targeting <=Q and having the WRITE_MEDIA_STORAGE permission
In other words an app targeting R has no way to have legacy storage
access. Its only option is to request MANAGE_EXTERNAL_STORAGE access
Test: Verify via dumpsys the conditions above
Bug: 144914977
Change-Id: I3c868cd9b4da4083517dd64b3a3888aea4060f18
| -rw-r--r-- | services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java b/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java index f3a60185bfb6..81ec46634e8a 100644 --- a/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java +++ b/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java @@ -18,12 +18,14 @@ package com.android.server.policy; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; +import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; import static android.app.AppOpsManager.OP_NONE; import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION; import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT; import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT; import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static java.lang.Integer.min; @@ -114,6 +116,7 @@ public abstract class SoftRestrictedPermissionPolicy { boolean shouldApplyRestriction; final int targetSDK; final boolean hasRequestedLegacyExternalStorage; + final boolean hasWriteMediaStorageGrantedForUid; if (appInfo != null) { PackageManager pm = context.getPackageManager(); @@ -123,11 +126,14 @@ public abstract class SoftRestrictedPermissionPolicy { targetSDK = getMinimumTargetSDK(context, appInfo, user); hasRequestedLegacyExternalStorage = hasUidRequestedLegacyExternalStorage( appInfo.uid, context); + hasWriteMediaStorageGrantedForUid = hasWriteMediaStorageGrantedForUid( + appInfo.uid, context); } else { isWhiteListed = false; shouldApplyRestriction = false; targetSDK = 0; hasRequestedLegacyExternalStorage = false; + hasWriteMediaStorageGrantedForUid = false; } // We have a check in PermissionPolicyService.PermissionToOpSynchroniser.setUidMode @@ -145,8 +151,9 @@ public abstract class SoftRestrictedPermissionPolicy { } @Override public boolean mayAllowExtraAppOp() { - return !shouldApplyRestriction && hasRequestedLegacyExternalStorage - && targetSDK <= Build.VERSION_CODES.Q; + return !shouldApplyRestriction && targetSDK <= Build.VERSION_CODES.Q + && (hasRequestedLegacyExternalStorage + || hasWriteMediaStorageGrantedForUid); } @Override public boolean mayDenyExtraAppOpIfGranted() { @@ -201,6 +208,22 @@ public abstract class SoftRestrictedPermissionPolicy { return false; } + private static boolean hasWriteMediaStorageGrantedForUid(int uid, @NonNull Context context) { + PackageManager packageManager = context.getPackageManager(); + String[] packageNames = packageManager.getPackagesForUid(uid); + if (packageNames == null) { + return false; + } + + for (String packageName : packageNames) { + if (packageManager.checkPermission(WRITE_MEDIA_STORAGE, packageName) + == PERMISSION_GRANTED) { + return true; + } + } + return false; + } + /** * @return If the permission can be granted */ |