Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 32e80d75 authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Permission to view shared storage for all users. 

Typical apps are restricted so they can only view shared storage
belonging to the user they're running as.  However, a handful of
system components need access to shared storage across all users,
such as DefaultContainerService and SystemUI.

Since WRITE_MEDIA_STORAGE already offers this functionality by
bypassing any FUSE emulation, reuse it to grant the "sdcard_rw" GID
which is no longer handed out to third-party apps.  Then we change
the FUSE daemon to allow the "sdcard_rw" GID to see shared storage
of all users.

Bug: 19995822
Change-Id: I504c2a179ba74f142ed0d32da5baa69f4212cd82
parent 1f6c9a12

core/res/AndroidManifest.xml

+0 −4
Original line number Diff line number Diff line
@@ -1517,10 +1517,6 @@ 
    <permission android:name="android.permission.SET_SCREEN_COMPATIBILITY"

        android:protectionLevel="signature" />



    <!-- Allows an application to access all multi-user external storage @hide -->

    <permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE"

        android:protectionLevel="signature" />



    <!-- @SystemApi Allows an application to modify the current configuration, such

         as locale. -->

    <permission android:name="android.permission.CHANGE_CONFIGURATION"

data/etc/platform.xml

+1 −0
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ 


    <permission name="android.permission.WRITE_MEDIA_STORAGE" >

        <group gid="media_rw" />

        <group gid="sdcard_rw" />

    </permission>



    <permission name="android.permission.ACCESS_MTP" >

packages/DefaultContainerService/AndroidManifest.xml

+2 −2
Original line number Diff line number Diff line
@@ -5,10 +5,10 @@ 
    <uses-permission android:name="android.permission.ASEC_DESTROY"/>

    <uses-permission android:name="android.permission.ASEC_MOUNT_UNMOUNT"/>

    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

    <!-- Used to improve MeasureUtils performance on emulated storage -->

    <!-- Used to improve MeasureUtils performance on emulated storage, and to

         view storage for all users -->

    <uses-permission android:name="android.permission.WRITE_MEDIA_STORAGE" />

    <uses-permission android:name="android.permission.ACCESS_CACHE_FILESYSTEM" />

    <uses-permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" />



    <application android:label="@string/service_name"

                 android:allowBackup="false">

packages/SystemUI/AndroidManifest.xml

+2 −1
Original line number Diff line number Diff line
@@ -25,7 +25,8 @@ 
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />

    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />

    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />

    <uses-permission android:name="android.permission.ACCESS_ALL_EXTERNAL_STORAGE" />

    <!-- Used to read storage for all users -->

    <uses-permission android:name="android.permission.WRITE_MEDIA_STORAGE" />

    <uses-permission android:name="android.permission.WAKE_LOCK" />



    <uses-permission android:name="android.permission.INJECT_EVENTS" />

services/core/java/com/android/server/pm/PackageManagerService.java

+4 −1
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ package com.android.server.pm; 
import static android.Manifest.permission.GRANT_REVOKE_PERMISSIONS;

import static android.Manifest.permission.READ_EXTERNAL_STORAGE;

import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;

import static android.Manifest.permission.WRITE_MEDIA_STORAGE;

import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DEFAULT;

import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED;

import static android.content.pm.PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED;
@@ -2679,7 +2680,9 @@ public class PackageManagerService extends IPackageManager.Stub { 
        if (Process.isIsolated(uid)) {

            return Zygote.MOUNT_EXTERNAL_NONE;

        } else {

            if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) {

            if (checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED) {

                return Zygote.MOUNT_EXTERNAL_DEFAULT;

            } else if (checkUidPermission(WRITE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) {

                return Zygote.MOUNT_EXTERNAL_WRITE;

            } else if (checkUidPermission(READ_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) {

                return Zygote.MOUNT_EXTERNAL_READ;