diff options
9 files changed, 28 insertions, 121 deletions
diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java index 9e332e9b0456..06203ff15094 100644 --- a/core/java/android/os/ZygoteProcess.java +++ b/core/java/android/os/ZygoteProcess.java @@ -657,16 +657,8 @@ public class ZygoteProcess { argsForZygote.add("--runtime-flags=" + runtimeFlags); if (mountExternal == Zygote.MOUNT_EXTERNAL_DEFAULT) { argsForZygote.add("--mount-external-default"); - } else if (mountExternal == Zygote.MOUNT_EXTERNAL_READ) { - argsForZygote.add("--mount-external-read"); - } else if (mountExternal == Zygote.MOUNT_EXTERNAL_WRITE) { - argsForZygote.add("--mount-external-write"); - } else if (mountExternal == Zygote.MOUNT_EXTERNAL_FULL) { - argsForZygote.add("--mount-external-full"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_INSTALLER) { argsForZygote.add("--mount-external-installer"); - } else if (mountExternal == Zygote.MOUNT_EXTERNAL_LEGACY) { - argsForZygote.add("--mount-external-legacy"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_PASS_THROUGH) { argsForZygote.add("--mount-external-pass-through"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE) { diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java index a985965afe17..5e20cd067589 100644 --- a/core/java/com/android/internal/os/Zygote.java +++ b/core/java/com/android/internal/os/Zygote.java @@ -172,23 +172,11 @@ public final class Zygote { public static final int MOUNT_EXTERNAL_NONE = IVold.REMOUNT_MODE_NONE; /** Default external storage should be mounted. */ public static final int MOUNT_EXTERNAL_DEFAULT = IVold.REMOUNT_MODE_DEFAULT; - /** Read-only external storage should be mounted. */ - public static final int MOUNT_EXTERNAL_READ = IVold.REMOUNT_MODE_READ; - /** Read-write external storage should be mounted. */ - public static final int MOUNT_EXTERNAL_WRITE = IVold.REMOUNT_MODE_WRITE; - /** - * Mount mode for apps that are already installed on the device before the isolated_storage - * feature is enabled. - */ - public static final int MOUNT_EXTERNAL_LEGACY = IVold.REMOUNT_MODE_LEGACY; /** * Mount mode for package installers which should give them access to * all obb dirs in addition to their package sandboxes */ public static final int MOUNT_EXTERNAL_INSTALLER = IVold.REMOUNT_MODE_INSTALLER; - /** Read-write external storage should be mounted instead of package sandbox */ - public static final int MOUNT_EXTERNAL_FULL = IVold.REMOUNT_MODE_FULL; - /** The lower file system should be bind mounted directly on external storage */ public static final int MOUNT_EXTERNAL_PASS_THROUGH = IVold.REMOUNT_MODE_PASS_THROUGH; diff --git a/core/java/com/android/internal/os/ZygoteArguments.java b/core/java/com/android/internal/os/ZygoteArguments.java index ed074327c3c5..32b808ab2528 100644 --- a/core/java/com/android/internal/os/ZygoteArguments.java +++ b/core/java/com/android/internal/os/ZygoteArguments.java @@ -380,16 +380,8 @@ class ZygoteArguments { mNiceName = getAssignmentValue(arg); } else if (arg.equals("--mount-external-default")) { mMountExternal = Zygote.MOUNT_EXTERNAL_DEFAULT; - } else if (arg.equals("--mount-external-read")) { - mMountExternal = Zygote.MOUNT_EXTERNAL_READ; - } else if (arg.equals("--mount-external-write")) { - mMountExternal = Zygote.MOUNT_EXTERNAL_WRITE; - } else if (arg.equals("--mount-external-full")) { - mMountExternal = Zygote.MOUNT_EXTERNAL_FULL; - } else if (arg.equals("--mount-external-installer")) { + } else if (arg.equals("--mount-external-installer")) { mMountExternal = Zygote.MOUNT_EXTERNAL_INSTALLER; - } else if (arg.equals("--mount-external-legacy")) { - mMountExternal = Zygote.MOUNT_EXTERNAL_LEGACY; } else if (arg.equals("--mount-external-pass-through")) { mMountExternal = Zygote.MOUNT_EXTERNAL_PASS_THROUGH; } else if (arg.equals("--mount-external-android-writable")) { diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index e6bfeccfa8ae..42aab6ad6918 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -326,31 +326,15 @@ static std::array<UsapTableEntry, USAP_POOL_SIZE_MAX_LIMIT> gUsapTable; static FileDescriptorTable* gOpenFdTable = nullptr; // Must match values in com.android.internal.os.Zygote. -// The order of entries here must be kept in sync with ExternalStorageViews array values. +// Note that there are gaps in the constants: +// This is to further keep the values consistent with IVold.aidl enum MountExternalKind { - MOUNT_EXTERNAL_NONE = 0, - MOUNT_EXTERNAL_DEFAULT = 1, - MOUNT_EXTERNAL_READ = 2, - MOUNT_EXTERNAL_WRITE = 3, - MOUNT_EXTERNAL_LEGACY = 4, - MOUNT_EXTERNAL_INSTALLER = 5, - MOUNT_EXTERNAL_FULL = 6, - MOUNT_EXTERNAL_PASS_THROUGH = 7, - MOUNT_EXTERNAL_ANDROID_WRITABLE = 8, - MOUNT_EXTERNAL_COUNT = 9 -}; - -// The order of entries here must be kept in sync with MountExternalKind enum values. -static const std::array<const std::string, MOUNT_EXTERNAL_COUNT> ExternalStorageViews = { - "", // MOUNT_EXTERNAL_NONE - "/mnt/runtime/default", // MOUNT_EXTERNAL_DEFAULT - "/mnt/runtime/read", // MOUNT_EXTERNAL_READ - "/mnt/runtime/write", // MOUNT_EXTERNAL_WRITE - "/mnt/runtime/write", // MOUNT_EXTERNAL_LEGACY - "/mnt/runtime/write", // MOUNT_EXTERNAL_INSTALLER - "/mnt/runtime/full", // MOUNT_EXTERNAL_FULL - "/mnt/runtime/full", // MOUNT_EXTERNAL_PASS_THROUGH (only used w/ FUSE) - "/mnt/runtime/full", // MOUNT_EXTERNAL_ANDROID_WRITABLE (only used w/ FUSE) + MOUNT_EXTERNAL_NONE = 0, + MOUNT_EXTERNAL_DEFAULT = 1, + MOUNT_EXTERNAL_INSTALLER = 5, + MOUNT_EXTERNAL_PASS_THROUGH = 7, + MOUNT_EXTERNAL_ANDROID_WRITABLE = 8, + MOUNT_EXTERNAL_COUNT = 9 }; // Must match values in com.android.internal.os.Zygote. diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 6d774869b391..2d87b7c8c724 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -18,9 +18,7 @@ package com.android.server; import static android.Manifest.permission.ACCESS_MTP; import static android.Manifest.permission.INSTALL_PACKAGES; -import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; -import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.app.ActivityManager.PROCESS_STATE_NONEXISTENT; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; @@ -4236,19 +4234,9 @@ class StorageManagerService extends IStorageManager.Stub } // Determine if caller is holding runtime permission - final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, - uid, packageName, READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE); final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE); - // We're only willing to give out broad access if they also hold - // runtime permission; this is a firm CDD requirement - final boolean hasFull = mIPackageManager.checkUidPermission(WRITE_MEDIA_STORAGE, - uid) == PERMISSION_GRANTED; - if (hasFull && hasWrite) { - return Zygote.MOUNT_EXTERNAL_FULL; - } - // We're only willing to give out installer access if they also hold // runtime permission; this is a firm CDD requirement final boolean hasInstall = mIPackageManager.checkUidPermission(INSTALL_PACKAGES, @@ -4268,19 +4256,7 @@ class StorageManagerService extends IStorageManager.Stub if ((hasInstall || hasInstallOp) && hasWrite) { return Zygote.MOUNT_EXTERNAL_INSTALLER; } - - // Otherwise we're willing to give out sandboxed or non-sandboxed if - // they hold the runtime permission - boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE, - uid, packageName) == MODE_ALLOWED; - - if (hasLegacy && hasWrite) { - return Zygote.MOUNT_EXTERNAL_WRITE; - } else if (hasLegacy && hasRead) { - return Zygote.MOUNT_EXTERNAL_READ; - } else { - return Zygote.MOUNT_EXTERNAL_DEFAULT; - } + return Zygote.MOUNT_EXTERNAL_DEFAULT; } catch (RemoteException e) { // Should not happen } diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java index ffdcd156122e..6df3218593dc 100644 --- a/services/core/java/com/android/server/am/ActivityManagerService.java +++ b/services/core/java/com/android/server/am/ActivityManagerService.java @@ -16492,7 +16492,7 @@ public class ActivityManagerService extends IActivityManager.Stub @Override public int getStorageMountMode(int pid, int uid) { if (uid == SHELL_UID || uid == ROOT_UID) { - return Zygote.MOUNT_EXTERNAL_FULL; + return Zygote.MOUNT_EXTERNAL_DEFAULT; } synchronized (mPidsSelfLocked) { final ProcessRecord pr = mPidsSelfLocked.get(pid); diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java index 8e01c4f67689..ed47616d92dc 100644 --- a/services/core/java/com/android/server/am/ProcessList.java +++ b/services/core/java/com/android/server/am/ProcessList.java @@ -92,7 +92,6 @@ import android.os.SystemClock; import android.os.SystemProperties; import android.os.Trace; import android.os.UserHandle; -import android.os.storage.StorageManager; import android.os.storage.StorageManagerInternal; import android.system.Os; import android.text.TextUtils; @@ -1780,14 +1779,10 @@ public final class ProcessList { final IPackageManager pm = AppGlobals.getPackageManager(); permGids = pm.getPackageGids(app.info.packageName, MATCH_DIRECT_BOOT_AUTO, app.userId); - if (StorageManager.hasIsolatedStorage() && mountExtStorageFull) { - mountExternal = Zygote.MOUNT_EXTERNAL_FULL; - } else { - StorageManagerInternal storageManagerInternal = LocalServices.getService( - StorageManagerInternal.class); - mountExternal = storageManagerInternal.getExternalStorageMountMode(uid, - app.info.packageName); - } + StorageManagerInternal storageManagerInternal = LocalServices.getService( + StorageManagerInternal.class); + mountExternal = storageManagerInternal.getExternalStorageMountMode(uid, + app.info.packageName); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java index c1777b847d9b..7dbb39e3cb39 100644 --- a/services/core/java/com/android/server/appop/AppOpsService.java +++ b/services/core/java/com/android/server/appop/AppOpsService.java @@ -1709,24 +1709,13 @@ public class AppOpsService extends IAppOpsService.Stub { if (Process.isIsolated(uid)) { return Zygote.MOUNT_EXTERNAL_NONE; } - if (noteOperation(AppOpsManager.OP_READ_EXTERNAL_STORAGE, uid, - packageName, null, true, "External storage policy", true) - != AppOpsManager.MODE_ALLOWED) { - return Zygote.MOUNT_EXTERNAL_NONE; - } - if (noteOperation(AppOpsManager.OP_WRITE_EXTERNAL_STORAGE, uid, - packageName, null, true, "External storage policy", true) - != AppOpsManager.MODE_ALLOWED) { - return Zygote.MOUNT_EXTERNAL_READ; - } - return Zygote.MOUNT_EXTERNAL_WRITE; + return Zygote.MOUNT_EXTERNAL_DEFAULT; } @Override public boolean hasExternalStorage(int uid, String packageName) { final int mountMode = getMountMode(uid, packageName); - return mountMode == Zygote.MOUNT_EXTERNAL_READ - || mountMode == Zygote.MOUNT_EXTERNAL_WRITE; + return mountMode != Zygote.MOUNT_EXTERNAL_NONE; } }); } diff --git a/services/core/java/com/android/server/pm/PackageManagerService.java b/services/core/java/com/android/server/pm/PackageManagerService.java index 54dbe2e470be..cc1ef86bfb1a 100644 --- a/services/core/java/com/android/server/pm/PackageManagerService.java +++ b/services/core/java/com/android/server/pm/PackageManagerService.java @@ -20,10 +20,8 @@ import static android.Manifest.permission.DELETE_PACKAGES; import static android.Manifest.permission.INSTALL_PACKAGES; import static android.Manifest.permission.MANAGE_DEVICE_ADMINS; import static android.Manifest.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS; -import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.REQUEST_DELETE_PACKAGES; import static android.Manifest.permission.SET_HARMFUL_APP_WARNINGS; -import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.MODE_DEFAULT; import static android.app.AppOpsManager.MODE_IGNORED; @@ -92,7 +90,6 @@ import static android.content.pm.PackageManager.MOVE_FAILED_INTERNAL_ERROR; import static android.content.pm.PackageManager.MOVE_FAILED_LOCKED_USER; import static android.content.pm.PackageManager.MOVE_FAILED_OPERATION_PENDING; import static android.content.pm.PackageManager.MOVE_FAILED_SYSTEM_PACKAGE; -import static android.content.pm.PackageManager.PERMISSION_DENIED; import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static android.content.pm.PackageManager.RESTRICTION_NONE; import static android.content.pm.PackageManager.UNINSTALL_REASON_UNKNOWN; @@ -21920,24 +21917,18 @@ public class PackageManagerService extends IPackageManager.Stub mInjector.getStorageManagerInternal().addExternalStoragePolicy( new StorageManagerInternal.ExternalStorageMountPolicy() { - @Override - public int getMountMode(int uid, String packageName) { - if (Process.isIsolated(uid)) { - return Zygote.MOUNT_EXTERNAL_NONE; - } - if (checkUidPermission(READ_EXTERNAL_STORAGE, uid) == PERMISSION_DENIED) { - return Zygote.MOUNT_EXTERNAL_DEFAULT; - } - if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_DENIED) { - return Zygote.MOUNT_EXTERNAL_READ; - } - return Zygote.MOUNT_EXTERNAL_WRITE; - } + @Override + public int getMountMode(int uid, String packageName) { + if (Process.isIsolated(uid)) { + return Zygote.MOUNT_EXTERNAL_NONE; + } + return Zygote.MOUNT_EXTERNAL_DEFAULT; + } - @Override - public boolean hasExternalStorage(int uid, String packageName) { - return true; - } + @Override + public boolean hasExternalStorage(int uid, String packageName) { + return true; + } }); // Now that we're mostly running, clean up stale users and apps |