From 87eacab57a9544f7b824da7e87ace2655e020d12 Mon Sep 17 00:00:00 2001
From: Zim
Date: Fri, 24 Jan 2020 01:03:09 +0000
Subject: Grant apps with WRITE_MEDIA_STORAGE legacy storage appop An app can now have legacy storage access in 3 mutually exclusive ways: 1. Targeting < Q 2. Targeting <=Q and explicitly requesting legacy access 3. Targeting <=Q and having the WRITE_MEDIA_STORAGE permission In other words an app targeting R has no way to have legacy storage access. Its only option is to request MANAGE_EXTERNAL_STORAGE access Test: Verify via dumpsys the conditions above Bug: 144914977 Change-Id: I3c868cd9b4da4083517dd64b3a3888aea4060f18
---
 .../policy/SoftRestrictedPermissionPolicy.java | 27 ++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java b/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java
index f3a60185bfb6..81ec46634e8a 100644
--- a/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java
+++ b/services/core/java/com/android/server/policy/SoftRestrictedPermissionPolicy.java
@@ -18,12 +18,14 @@ package com.android.server.policy;
 import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
 import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
+import static android.Manifest.permission.WRITE_MEDIA_STORAGE;
 import static android.app.AppOpsManager.OP_LEGACY_STORAGE;
 import static android.app.AppOpsManager.OP_NONE;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_APPLY_RESTRICTION;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static java.lang.Integer.min;
@@ -114,6 +116,7 @@ public abstract class SoftRestrictedPermissionPolicy {
 boolean shouldApplyRestriction;
 final int targetSDK;
 final boolean hasRequestedLegacyExternalStorage;
+ final boolean hasWriteMediaStorageGrantedForUid;
 if (appInfo != null) {
 PackageManager pm = context.getPackageManager();
@@ -123,11 +126,14 @@ public abstract class SoftRestrictedPermissionPolicy {
 targetSDK = getMinimumTargetSDK(context, appInfo, user);
 hasRequestedLegacyExternalStorage = hasUidRequestedLegacyExternalStorage(
 appInfo.uid, context);
+ hasWriteMediaStorageGrantedForUid = hasWriteMediaStorageGrantedForUid(
+ appInfo.uid, context);
 } else {
 isWhiteListed = false;
 shouldApplyRestriction = false;
 targetSDK = 0;
 hasRequestedLegacyExternalStorage = false;
+ hasWriteMediaStorageGrantedForUid = false;
 }
 // We have a check in PermissionPolicyService.PermissionToOpSynchroniser.setUidMode
@@ -145,8 +151,9 @@ public abstract class SoftRestrictedPermissionPolicy {
 }
 @Override
 public boolean mayAllowExtraAppOp() {
- return !shouldApplyRestriction && hasRequestedLegacyExternalStorage
- && targetSDK <= Build.VERSION_CODES.Q;
+ return !shouldApplyRestriction && targetSDK <= Build.VERSION_CODES.Q
+ && (hasRequestedLegacyExternalStorage
+ || hasWriteMediaStorageGrantedForUid);
 }
 @Override
 public boolean mayDenyExtraAppOpIfGranted() {
@@ -201,6 +208,22 @@ public abstract class SoftRestrictedPermissionPolicy {
 return false;
 }
+ private static boolean hasWriteMediaStorageGrantedForUid(int uid, @NonNull Context context) {
+ PackageManager packageManager = context.getPackageManager();
+ String[] packageNames = packageManager.getPackagesForUid(uid);
+ if (packageNames == null) {
+ return false;
+ }
+
+ for (String packageName : packageNames) {
+ if (packageManager.checkPermission(WRITE_MEDIA_STORAGE, packageName)
+ == PERMISSION_GRANTED) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 /**
 * @return If the permission can be granted
 */
--
cgit v1.2.3-59-g8ed1b
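Review bot: In `mayAllowExtraAppOp()` (hunk at -145,8) the legacy-storage appop is now allowed on the strength of a granted WRITE_MEDIA_STORAGE alone, with no explicit opt-in from the app, and the return expression carries no comment recording that this widening is intentional. Since this predicate decides which uids bypass scoped-storage isolation, I would add above the return: `// Legacy storage only for targetSDK <= Q, and only via requestLegacyExternalStorage or a granted WRITE_MEDIA_STORAGE; R+ apps must use MANAGE_EXTERNAL_STORAGE.` The commit message calls the routes mutually exclusive, but the code joins them with `||`, so the comment should not repeat that wording.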
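Review bot: `hasWriteMediaStorageGrantedForUid` (hunk at -201,6) returns true as soon as any package sharing the uid holds the permission, and it has no Javadoc saying so. Because `targetSDK` appears to come from `getMinimumTargetSDK(...)` for the same uid, a shared uid could presumably combine one package's low target SDK with another package's WRITE_MEDIA_STORAGE grant, so a package targeting R may end up with legacy access despite the commit message; that is worth stating in the Javadoc or guarding against. The helper also calls `checkPermission(WRITE_MEDIA_STORAGE, packageName)` on the context's own PackageManager while the policy is built for a specific `user`; if the uid-level answer is what is wanted, `context.checkPermission(WRITE_MEDIA_STORAGE, -1, uid) == PERMISSION_GRANTED` would avoid the package-name round trip and the user ambiguity, but please confirm that against how the context is created. The whole method is inside the hunk.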