Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Respect MANAGE_EXTERNAL_STORAGE in checks for READ/WRITE_EXTERNAL_STORAGE" into rvc-dev

Browse Source
This commit is contained in:
Nikita Ioffe
2020-06-16 10:02:49 +00:00
committed by Android (Google) Code Review
parent 1c2e8eafff fc3a740282
commit 27d6605c52
1 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
core/java/android/os/storage/StorageManager.java
View File

@@ -16,9 +16,11 @@
package android.os.storage;
import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE;
import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
import static android.app.AppOpsManager.OP_LEGACY_STORAGE;
import static android.app.AppOpsManager.OP_MANAGE_EXTERNAL_STORAGE;
import static android.app.AppOpsManager.OP_READ_EXTERNAL_STORAGE;
import static android.app.AppOpsManager.OP_READ_MEDIA_AUDIO;
import static android.app.AppOpsManager.OP_READ_MEDIA_IMAGES;
@@ -1853,7 +1855,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionReadAudio(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
return false;
}
@@ -1864,7 +1866,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionWriteAudio(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
return false;
}
@@ -1875,7 +1877,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionReadVideo(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
return false;
}
@@ -1886,7 +1888,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionWriteVideo(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
return false;
}
@@ -1897,7 +1899,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionReadImages(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) {
return false;
}
@@ -1908,7 +1910,7 @@ public class StorageManager {
/** {@hide} */
public boolean checkPermissionWriteImages(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId) {
if (!checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId,
if (!checkExternalStoragePermissionAndAppOp(enforce, pid, uid, packageName, featureId,
WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) {
return false;
}
@@ -1916,6 +1918,24 @@ public class StorageManager {
OP_WRITE_MEDIA_IMAGES);
}
private boolean checkExternalStoragePermissionAndAppOp(boolean enforce,
int pid, int uid, String packageName, @Nullable String featureId, String permission,
int op) {
// First check if app has MANAGE_EXTERNAL_STORAGE.
final int mode = mAppOps.noteOpNoThrow(OP_MANAGE_EXTERNAL_STORAGE, uid, packageName,
featureId, null);
if (mode == AppOpsManager.MODE_ALLOWED) {
return true;
}
if (mode == AppOpsManager.MODE_DEFAULT && mContext.checkPermission(
MANAGE_EXTERNAL_STORAGE, pid, uid) == PERMISSION_GRANTED) {
return true;
}
// If app doesn't have MANAGE_EXTERNAL_STORAGE, then check if it has requested granular
// permission.
return checkPermissionAndAppOp(enforce, pid, uid, packageName, featureId, permission, op);
}
/** {@hide} */
@VisibleForTesting
public @NonNull ParcelFileDescriptor openProxyFileDescriptor(