diff options
| author | 2020-02-28 19:01:49 +0000 | |
|---|---|---|
| committer | 2020-02-28 19:05:26 +0000 | |
| commit | c93da80012d11efe705a6e74777b7ed8a7f5020d (patch) | |
| tree | 939b04cb8c20bd85e7f80393fc219d5830031902 | |
| parent | 20905ec041cc1741d1e4297a3e8e43ed07f929e4 (diff) | |
Clear calling identity in StorageManagerService#onAppopsChanged
It turns out StorageManagerService#onAppopsChanged runs with the
calling identity of the app setting the uid.
We should run with system_server calling identity before calling into
ActivityManagerService to kill an app when appops changed
Test: PackageInstaller doesn't get killed
Bug: 149895648
Change-Id: I584b1ee340203d8653941fe325ff9bb01ec04ab6
| -rw-r--r-- | services/core/java/com/android/server/StorageManagerService.java | 54 |
1 files changed, 27 insertions, 27 deletions
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 95bfbd72dc56..966c0a822f43 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -4497,42 +4497,42 @@ class StorageManagerService extends IStorageManager.Stub } public void onAppOpsChanged(int code, int uid, @Nullable String packageName, int mode) { - if (mIsFuseEnabled) { - // When using FUSE, we may need to kill the app if the op changes - switch(code) { - case OP_REQUEST_INSTALL_PACKAGES: - // Always kill regardless of op change, to remount apps /storage - killAppForOpChange(code, uid, packageName); - return; - case OP_MANAGE_EXTERNAL_STORAGE: - if (mode != MODE_ALLOWED) { - // Only kill if op is denied, to lose external_storage gid - // Killing when op is granted to pickup the gid automatically, results - // in a bad UX, especially since the gid only gives access to unreliable - // volumes, USB OTGs that are rarely mounted. The app will get the - // external_storage gid on next organic restart. + final long token = Binder.clearCallingIdentity(); + try { + if (mIsFuseEnabled) { + // When using FUSE, we may need to kill the app if the op changes + switch(code) { + case OP_REQUEST_INSTALL_PACKAGES: + // Always kill regardless of op change, to remount apps /storage killAppForOpChange(code, uid, packageName); - } - return; - case OP_LEGACY_STORAGE: - updateLegacyStorageApps(packageName, uid, mode == MODE_ALLOWED); - return; + return; + case OP_MANAGE_EXTERNAL_STORAGE: + if (mode != MODE_ALLOWED) { + // Only kill if op is denied, to lose external_storage gid + // Killing when op is granted to pickup the gid automatically, + // results in a bad UX, especially since the gid only gives access + // to unreliable volumes, USB OTGs that are rarely mounted. The app + // will get the external_storage gid on next organic restart. + killAppForOpChange(code, uid, packageName); + } + return; + case OP_LEGACY_STORAGE: + updateLegacyStorageApps(packageName, uid, mode == MODE_ALLOWED); + return; + } } - } - if (mode == MODE_ALLOWED && (code == OP_READ_EXTERNAL_STORAGE - || code == OP_WRITE_EXTERNAL_STORAGE - || code == OP_REQUEST_INSTALL_PACKAGES)) { - final long token = Binder.clearCallingIdentity(); - try { + if (mode == MODE_ALLOWED && (code == OP_READ_EXTERNAL_STORAGE + || code == OP_WRITE_EXTERNAL_STORAGE + || code == OP_REQUEST_INSTALL_PACKAGES)) { final UserManagerInternal userManagerInternal = LocalServices.getService(UserManagerInternal.class); if (userManagerInternal.isUserInitialized(UserHandle.getUserId(uid))) { onExternalStoragePolicyChanged(uid, packageName); } - } finally { - Binder.restoreCallingIdentity(token); } + } finally { + Binder.restoreCallingIdentity(token); } } } |