diff options
| -rw-r--r-- | core/api/system-current.txt | 2 | ||||
| -rw-r--r-- | core/java/android/os/storage/StorageManager.java | 9 | ||||
| -rw-r--r-- | services/core/java/com/android/server/StorageManagerService.java | 23 |
3 files changed, 12 insertions, 22 deletions
diff --git a/core/api/system-current.txt b/core/api/system-current.txt index d3a726e15ae9..0126199add0c 100644 --- a/core/api/system-current.txt +++ b/core/api/system-current.txt @@ -10003,7 +10003,7 @@ package android.os.storage { method @WorkerThread public long getAllocatableBytes(@NonNull java.util.UUID, @RequiresPermission int) throws java.io.IOException; method @RequiresPermission(android.Manifest.permission.WRITE_MEDIA_STORAGE) public int getExternalStorageMountMode(int, @NonNull String); method public static boolean hasIsolatedStorage(); - method @RequiresPermission(android.Manifest.permission.MANAGE_EXTERNAL_STORAGE) public void updateExternalStorageFileQuotaType(@NonNull java.io.File, int) throws java.io.IOException; + method public void updateExternalStorageFileQuotaType(@NonNull java.io.File, int) throws java.io.IOException; field @RequiresPermission(android.Manifest.permission.ALLOCATE_AGGRESSIVE) public static final int FLAG_ALLOCATE_AGGRESSIVE = 1; // 0x1 field public static final int MOUNT_MODE_EXTERNAL_ANDROID_WRITABLE = 4; // 0x4 field public static final int MOUNT_MODE_EXTERNAL_DEFAULT = 1; // 0x1 diff --git a/core/java/android/os/storage/StorageManager.java b/core/java/android/os/storage/StorageManager.java index 5a7e697bdb47..497bfa6380bc 100644 --- a/core/java/android/os/storage/StorageManager.java +++ b/core/java/android/os/storage/StorageManager.java @@ -2552,7 +2552,7 @@ public class StorageManager { * called on first creation of a new file on external storage, and whenever the * media type of the file is updated later. * - * This API requires MANAGE_EXTERNAL_STORAGE permission and typical implementations + * This API doesn't require any special permissions, though typical implementations * will require being called from an SELinux domain that allows setting file attributes * related to quota (eg the GID or project ID). * @@ -2571,16 +2571,11 @@ public class StorageManager { * @hide */ @SystemApi - @RequiresPermission(android.Manifest.permission.MANAGE_EXTERNAL_STORAGE) public void updateExternalStorageFileQuotaType(@NonNull File path, @QuotaType int quotaType) throws IOException { long projectId; final String filePath = path.getCanonicalPath(); - // MANAGE_EXTERNAL_STORAGE permission is required as FLAG_INCLUDE_SHARED_PROFILE is being - // set while querying getVolumeList. - final StorageVolume[] availableVolumes = getVolumeList(mContext.getUserId(), - FLAG_REAL_STATE | FLAG_INCLUDE_INVISIBLE | FLAG_INCLUDE_SHARED_PROFILE); - final StorageVolume volume = getStorageVolume(availableVolumes, path); + final StorageVolume volume = getStorageVolume(path); if (volume == null) { Log.w(TAG, "Failed to update quota type for " + filePath); return; diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java index 8a429331f766..c4333d96f92e 100644 --- a/services/core/java/com/android/server/StorageManagerService.java +++ b/services/core/java/com/android/server/StorageManagerService.java @@ -3813,13 +3813,6 @@ class StorageManagerService extends IStorageManager.Stub final boolean includeSharedProfile = (flags & StorageManager.FLAG_INCLUDE_SHARED_PROFILE) != 0; - // When the caller is the app actually hosting external storage, we - // should never attempt to augment the actual storage volume state, - // otherwise we risk confusing it with race conditions as users go - // through various unlocked states - final boolean callerIsMediaStore = UserHandle.isSameApp(callingUid, - mMediaStoreAuthorityAppId); - // Only Apps with MANAGE_EXTERNAL_STORAGE should call the API with includeSharedProfile if (includeSharedProfile) { try { @@ -3832,13 +3825,8 @@ class StorageManagerService extends IStorageManager.Stub // Checking first entry in packagesFromUid is enough as using "sharedUserId" // mechanism is rare and discouraged. Also, Apps that share same UID share the same // permissions. - // Allowing Media Provider is an exception, Media Provider process should be allowed - // to query users across profiles, even without MANAGE_EXTERNAL_STORAGE access. - // Note that ordinarily Media provider process has the above permission, but if they - // are revoked, Storage Volume(s) should still be returned. - if (!callerIsMediaStore - && !mStorageManagerInternal.hasExternalStorageAccess(callingUid, - packagesFromUid[0])) { + if (!mStorageManagerInternal.hasExternalStorageAccess(callingUid, + packagesFromUid[0])) { throw new SecurityException("Only File Manager Apps permitted"); } } catch (RemoteException re) { @@ -3851,6 +3839,13 @@ class StorageManagerService extends IStorageManager.Stub // point final boolean systemUserUnlocked = isSystemUnlocked(UserHandle.USER_SYSTEM); + // When the caller is the app actually hosting external storage, we + // should never attempt to augment the actual storage volume state, + // otherwise we risk confusing it with race conditions as users go + // through various unlocked states + final boolean callerIsMediaStore = UserHandle.isSameApp(callingUid, + mMediaStoreAuthorityAppId); + final boolean userIsDemo; final boolean userKeyUnlocked; final boolean storagePermission; |