Merge "Block write access to media for non-owners." into qt-dev

import static android.Manifest.permission.READ_EXTERNAL_STORAGE;

import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;

import static android.app.AppOpsManager.OP_LEGACY_STORAGE;

import static android.app.AppOpsManager.OP_READ_EXTERNAL_STORAGE;

import static android.app.AppOpsManager.OP_READ_MEDIA_AUDIO;

import static android.app.AppOpsManager.OP_READ_MEDIA_IMAGES;

        return checkPermissionAndAppOp(mContext, enforce, pid, uid, packageName, permission, op);

    }

    private boolean noteAppOpAllowingLegacy(boolean enforce,

            int pid, int uid, String packageName, int op) {

        final int mode = mAppOps.noteOpNoThrow(op, uid, packageName);

        switch (mode) {

            case AppOpsManager.MODE_ALLOWED:

                return true;

            case AppOpsManager.MODE_DEFAULT:

            case AppOpsManager.MODE_IGNORED:

            case AppOpsManager.MODE_ERRORED:

                // Legacy apps technically have the access granted by this op,

                // even when the op is denied

                if ((mAppOps.checkOpNoThrow(OP_LEGACY_STORAGE, uid,

                        packageName) == AppOpsManager.MODE_ALLOWED)) return true;

                if (enforce) {

                    throw new SecurityException("Op " + AppOpsManager.opToName(op) + " "

                            + AppOpsManager.modeToName(mode) + " for package " + packageName);

                } else {

                    return false;

                }

            default:

                throw new IllegalStateException(

                        AppOpsManager.opToName(op) + " has unknown mode "

                                + AppOpsManager.modeToName(mode));

        }

    }

    // Callers must hold both the old and new permissions, so that we can

    // handle obscure cases like when an app targets Q but was installed on

    // a device that was originally running on P before being upgraded to Q.

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_READ_MEDIA_AUDIO, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_READ_MEDIA_AUDIO);

    }

    /** {@hide} */

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_WRITE_MEDIA_AUDIO, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_WRITE_MEDIA_AUDIO);

    }

    /** {@hide} */

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_READ_MEDIA_VIDEO, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_READ_MEDIA_VIDEO);

    }

    /** {@hide} */

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_WRITE_MEDIA_VIDEO, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_WRITE_MEDIA_VIDEO);

    }

    /** {@hide} */

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_READ_MEDIA_IMAGES, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_READ_MEDIA_IMAGES);

    }

    /** {@hide} */

            int pid, int uid, String packageName) {

        if (!checkPermissionAndAppOp(enforce, pid, uid, packageName,

                WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE)) return false;

        mAppOps.noteOpNoThrow(OP_WRITE_MEDIA_IMAGES, uid, packageName);

        return true;

        return noteAppOpAllowingLegacy(enforce, pid, uid, packageName, OP_WRITE_MEDIA_IMAGES);

    }

    /** {@hide} */