Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Iterate on storage permissions model."

Browse Source
This commit is contained in:
Jeff Sharkey
2018-11-27 15:51:14 +00:00
committed by Android (Google) Code Review
parent 02a2190ec7 9787a9459d
commit a789183401
8 changed files with 45 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
core/java/android/app/AppOpsManager.java
View File

@@ -1180,11 +1180,11 @@ public class AppOpsManager {
Manifest.permission.ACTIVITY_RECOGNITION,
Manifest.permission.SMS_FINANCIAL_TRANSACTIONS,
Manifest.permission.READ_MEDIA_AUDIO,
Manifest.permission.WRITE_MEDIA_AUDIO,
null, // no permission for OP_WRITE_MEDIA_AUDIO
Manifest.permission.READ_MEDIA_VIDEO,
Manifest.permission.WRITE_MEDIA_VIDEO,
null, // no permission for OP_WRITE_MEDIA_VIDEO
Manifest.permission.READ_MEDIA_IMAGES,
Manifest.permission.WRITE_MEDIA_IMAGES,
null, // no permission for OP_WRITE_MEDIA_IMAGES
};
/**
@@ -1462,11 +1462,11 @@ public class AppOpsManager {
AppOpsManager.MODE_ALLOWED, // ACTIVITY_RECOGNITION
AppOpsManager.MODE_DEFAULT, // SMS_FINANCIAL_TRANSACTIONS
AppOpsManager.MODE_ALLOWED, // READ_MEDIA_AUDIO
AppOpsManager.MODE_ALLOWED, // WRITE_MEDIA_AUDIO
AppOpsManager.MODE_ERRORED, // WRITE_MEDIA_AUDIO
AppOpsManager.MODE_ALLOWED, // READ_MEDIA_VIDEO
AppOpsManager.MODE_ALLOWED, // WRITE_MEDIA_VIDEO
AppOpsManager.MODE_ERRORED, // WRITE_MEDIA_VIDEO
AppOpsManager.MODE_ALLOWED, // READ_MEDIA_IMAGES
AppOpsManager.MODE_ALLOWED, // WRITE_MEDIA_IMAGES
AppOpsManager.MODE_ERRORED, // WRITE_MEDIA_IMAGES
};
/**

32
core/java/android/content/pm/PackageParser.java
View File

@@ -2532,55 +2532,33 @@ public class PackageParser {
final ArraySet<String> newPermissions = new ArraySet<>();
newPermissions.add(android.Manifest.permission.READ_MEDIA_AUDIO);
newPermissions.add(android.Manifest.permission.WRITE_MEDIA_AUDIO);
newPermissions.add(android.Manifest.permission.READ_MEDIA_VIDEO);
newPermissions.add(android.Manifest.permission.WRITE_MEDIA_VIDEO);
newPermissions.add(android.Manifest.permission.READ_MEDIA_IMAGES);
newPermissions.add(android.Manifest.permission.WRITE_MEDIA_IMAGES);
newPermissions.add(android.Manifest.permission.ACCESS_MEDIA_LOCATION);
newPermissions.add(android.Manifest.permission.WRITE_OBB);
final ArraySet<String> dangerousPermissions = new ArraySet<>();
dangerousPermissions.add(android.Manifest.permission.READ_EXTERNAL_STORAGE);
dangerousPermissions.add(android.Manifest.permission.WRITE_EXTERNAL_STORAGE);
final ArraySet<String> removedPermissions = new ArraySet<>();
removedPermissions.add(android.Manifest.permission.READ_EXTERNAL_STORAGE);
removedPermissions.add(android.Manifest.permission.WRITE_EXTERNAL_STORAGE);
for (int i = pkg.permissions.size() - 1; i >= 0; i--) {
final Permission p = pkg.permissions.get(i);
if (newPermissions.contains(p.info.name)) {
pkg.permissions.remove(i);
} else if (dangerousPermissions.contains(p.info.name)) {
p.info.protectionLevel &= ~PermissionInfo.PROTECTION_MASK_BASE;
p.info.protectionLevel |= PermissionInfo.PROTECTION_DANGEROUS;
} else if (removedPermissions.contains(p.info.name)) {
p.info.flags &= ~PermissionInfo.FLAG_REMOVED;
}
}
}
} else {
if (FORCE_AUDIO_PACKAGES.contains(pkg.packageName)) {
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_AUDIO);
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_AUDIO);
}
if (FORCE_VIDEO_PACKAGES.contains(pkg.packageName)) {
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_VIDEO);
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_VIDEO);
}
if (FORCE_IMAGES_PACKAGES.contains(pkg.packageName)) {
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_IMAGES);
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_IMAGES);
}
if (SystemProperties.getBoolean(StorageManager.PROP_FORCE_LEGACY, false)) {
if (pkg.requestedPermissions
.contains(android.Manifest.permission.READ_EXTERNAL_STORAGE)) {
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_AUDIO);
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_VIDEO);
pkg.requestedPermissions.add(android.Manifest.permission.READ_MEDIA_IMAGES);
}
if (pkg.requestedPermissions
.contains(android.Manifest.permission.WRITE_EXTERNAL_STORAGE)) {
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_AUDIO);
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_VIDEO);
pkg.requestedPermissions.add(android.Manifest.permission.WRITE_MEDIA_IMAGES);
}
}
}

2
core/java/android/os/storage/StorageManager.java
View File

@@ -137,8 +137,6 @@ public class StorageManager {
public static final String PROP_FORCE_VIDEO = "persist.fw.force_video";
/** {@hide} */
public static final String PROP_FORCE_IMAGES = "persist.fw.force_images";
/** {@hide} */
public static final String PROP_FORCE_LEGACY = "persist.fw.force_legacy";
/** {@hide} */
public static final String UUID_PRIVATE_INTERNAL = null;

11
core/java/com/android/server/SystemConfig.java
View File

@@ -25,6 +25,7 @@ import android.content.pm.PackageManager;
import android.os.Build;
import android.os.Environment;
import android.os.Process;
import android.os.SystemProperties;
import android.os.storage.StorageManager;
import android.permission.PermissionManager.SplitPermissionInfo;
import android.text.TextUtils;
@@ -930,6 +931,16 @@ public class SystemConfig {
XmlUtils.skipCurrentTag(parser);
}
}
// If the storage model feature flag is disabled, we need to fiddle
// around with permission definitions to return us to pre-Q behavior.
// STOPSHIP(b/112545973): remove once feature enabled by default
if (!SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
if (newPermissions.contains(android.Manifest.permission.READ_MEDIA_AUDIO) ||
newPermissions.contains(android.Manifest.permission.READ_MEDIA_VIDEO) ||
newPermissions.contains(android.Manifest.permission.READ_MEDIA_IMAGES)) {
return;
}
}
if (!newPermissions.isEmpty()) {
mSplitPermissions.add(new SplitPermissionInfo(splitPerm, newPermissions, targetSdk));
}