Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Allow sandboxed apps to access only package specific dirs." into qt-dev

Browse Source
This commit is contained in:
Sudheer Shanka
2019-04-17 22:07:47 +00:00
committed by Android (Google) Code Review
parent 6805b6ae0d 783c90e9b4
commit d6d09d952b
2 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/jni/com_android_internal_os_Zygote.cpp
View File

@@ -875,8 +875,12 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode,
storage_source = "/mnt/runtime/default";
} else if (mount_mode == MOUNT_EXTERNAL_READ) {
storage_source = "/mnt/runtime/read";
} else if (mount_mode == MOUNT_EXTERNAL_WRITE) {
} else if (mount_mode == MOUNT_EXTERNAL_WRITE
|| mount_mode == MOUNT_EXTERNAL_LEGACY
|| mount_mode == MOUNT_EXTERNAL_INSTALLER) {
storage_source = "/mnt/runtime/write";
} else if (mount_mode == MOUNT_EXTERNAL_FULL) {
storage_source = "/mnt/runtime/full";
} else if (mount_mode == MOUNT_EXTERNAL_NONE && !force_mount_namespace) {
// Sane default of no storage visible
return;
@@ -892,7 +896,8 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode,
return;
}
if (GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) {
if (/* DISABLES CODE */ (false)
&& GetBoolProperty(kIsolatedStorageSnapshot, GetBoolProperty(kIsolatedStorage, true))) {
if (mount_mode == MOUNT_EXTERNAL_FULL || mount_mode == MOUNT_EXTERNAL_LEGACY) {
storage_source = (mount_mode == MOUNT_EXTERNAL_FULL)
? "/mnt/runtime/full" : "/mnt/runtime/write";

5
services/core/java/com/android/server/StorageManagerService.java
View File

@@ -1683,6 +1683,7 @@ class StorageManagerService extends IStorageManager.Stub
ServiceManager.getService(Context.APP_OPS_SERVICE));
try {
mIAppOpsService.startWatchingMode(OP_REQUEST_INSTALL_PACKAGES, null, mAppOpsCallback);
mIAppOpsService.startWatchingMode(OP_LEGACY_STORAGE, null, mAppOpsCallback);
} catch (RemoteException e) {
}
}
@@ -3335,7 +3336,7 @@ class StorageManagerService extends IStorageManager.Stub
}
private String translateInternal(String path, int pid, int uid, boolean toSystem) {
if (!ENABLE_ISOLATED_STORAGE) return path;
if (true) return path;
if (path.contains("/../")) {
throw new SecurityException("Shady looking path " + path);
@@ -3761,7 +3762,7 @@ class StorageManagerService extends IStorageManager.Stub
if (hasLegacy && hasStorage) {
return Zygote.MOUNT_EXTERNAL_LEGACY;
} else {
return Zygote.MOUNT_EXTERNAL_WRITE;
return Zygote.MOUNT_EXTERNAL_DEFAULT;
}
} catch (RemoteException e) {
// Should not happen