Merge "Don't allow non-admins to adopt sd card for internal storage" into mnc-dev

2015-06-30 23:00:06 +00:00
parent 081ddbe296 462ac3a2aa
commit 2b64ec470c
2 changed files with 27 additions and 0 deletions
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -571,6 +571,16 @@ public class UserManager {
        return UserHandle.myUserId() == UserHandle.USER_OWNER;
    }

+    /**
+     * @hide
+     * Returns whether the caller is running as an admin user. There can be more than one admin
+     * user.
+     */
+    public boolean isAdminUser() {
+        UserInfo user = getUserInfo(UserHandle.myUserId());
+        return user != null ? user.isAdmin() : false;
+    }
+
    /**
     * Used to check if the user making this call is linked to another user. Linked users may have
     * a reduced number of available apps, app restrictions and account restrictions.
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -1202,6 +1202,21 @@ class MountService extends IMountService.Stub
        }
    }

+    private void enforceAdminUser() {
+        UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
+        final int callingUserId = UserHandle.getCallingUserId();
+        boolean isAdmin;
+        long token = Binder.clearCallingIdentity();
+        try {
+            isAdmin = um.getUserInfo(callingUserId).isAdmin();
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+        if (!isAdmin) {
+            throw new SecurityException("Only admin users can adopt sd cards");
+        }
+    }
+
    /**
     * Constructs a new MountService instance
     *
@@ -1537,6 +1552,7 @@ class MountService extends IMountService.Stub
    @Override
    public void partitionPrivate(String diskId) {
        enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
        waitForReady();

        final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
@@ -1551,6 +1567,7 @@ class MountService extends IMountService.Stub
    @Override
    public void partitionMixed(String diskId, int ratio) {
        enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
        waitForReady();

        final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);