am cd586258: Merge "Enforce READ_EXTERNAL through Settings.Secure." into jb-dev

* commit 'cd5862586ab555b53ffd0a62488843838d1aa94d': Enforce READ_EXTERNAL through Settings.Secure.
2012-05-11 15:49:00 -07:00
parent 07827454ef cd5862586a
commit f2fe4cb11b
4 changed files with 16 additions and 11 deletions
--- a/core/java/android/content/pm/PackageManager.java
+++ b/core/java/android/content/pm/PackageManager.java
@@ -23,7 +23,6 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.IntentFilter;
 import android.content.IntentSender;
-import android.content.pm.ManifestDigest;
 import android.content.res.Resources;
 import android.content.res.XmlResourceParser;
 import android.graphics.drawable.Drawable;
@@ -1090,10 +1089,6 @@ public abstract class PackageManager {
    public static final String EXTRA_VERIFICATION_INSTALL_FLAGS
            = "android.content.pm.extra.VERIFICATION_INSTALL_FLAGS";

-    /** {@hide} */
-    // TODO: enable this for userdebug and eng builds; see 6389556
-    public static final boolean DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE = false;
-
    /**
     * Retrieve overall information about an application package that is
     * installed on the system.
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -4253,6 +4253,10 @@ public final class Settings {
        /** Timeout for package verification. {@hide} */
        public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout";

+        /** {@hide} */
+        public static final String
+                READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT = "read_external_storage_enforced_default";
+
        /**
         * Duration in milliseconds before pre-authorized URIs for the contacts
         * provider should expire.
--- a/services/java/com/android/server/pm/PackageManagerService.java
+++ b/services/java/com/android/server/pm/PackageManagerService.java
@@ -98,6 +98,7 @@ import android.os.ServiceManager;
 import android.os.SystemClock;
 import android.os.SystemProperties;
 import android.os.UserId;
+import android.provider.Settings.Secure;
 import android.security.SystemKeyStore;
 import android.util.DisplayMetrics;
 import android.util.EventLog;
@@ -9259,7 +9260,8 @@ public class PackageManagerService extends IPackageManager.Stub {
        mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
        if (READ_EXTERNAL_STORAGE.equals(permission)) {
            synchronized (mPackages) {
-                if (mSettings.mReadExternalStorageEnforced != enforced) {
+                if (mSettings.mReadExternalStorageEnforced == null
+                        || mSettings.mReadExternalStorageEnforced != enforced) {
                    mSettings.mReadExternalStorageEnforced = enforced;
                    mSettings.writeLPr();

@@ -9284,7 +9286,6 @@ public class PackageManagerService extends IPackageManager.Stub {

    @Override
    public boolean isPermissionEnforced(String permission) {
-        mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
        synchronized (mPackages) {
            return isPermissionEnforcedLocked(permission);
        }
@@ -9292,7 +9293,13 @@ public class PackageManagerService extends IPackageManager.Stub {

    private boolean isPermissionEnforcedLocked(String permission) {
        if (READ_EXTERNAL_STORAGE.equals(permission)) {
-            return mSettings.mReadExternalStorageEnforced;
+            if (mSettings.mReadExternalStorageEnforced != null) {
+                return mSettings.mReadExternalStorageEnforced;
+            } else {
+                // if user hasn't defined, fall back to secure default
+                return Secure.getInt(mContext.getContentResolver(),
+                        Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
+            }
        } else {
            return true;
        }
--- a/services/java/com/android/server/pm/Settings.java
+++ b/services/java/com/android/server/pm/Settings.java
@@ -111,7 +111,7 @@ final class Settings {
    int mInternalSdkPlatform;
    int mExternalSdkPlatform;

-    boolean mReadExternalStorageEnforced = PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE;
+    Boolean mReadExternalStorageEnforced;

    /** Device identity for the purpose of package verification. */
    private VerifierDeviceIdentity mVerifierDeviceIdentity;
@@ -1147,8 +1147,7 @@ final class Settings {
                serializer.endTag(null, "verifier");
            }

-            if (mReadExternalStorageEnforced
-                    != PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE) {
+            if (mReadExternalStorageEnforced != null) {
                serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
                serializer.attribute(
                        null, ATTR_ENFORCEMENT, mReadExternalStorageEnforced ? "1" : "0");