Remove legacy WRITE_EXTERNAL_STORAGE permission check for Installers (33e2c500) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/StorageManagerService.java

+2 −8

Original line number	Original line	Diff line number	Diff line
	@@ -19,12 +19,10 @@ package com.android.server;
	import static android.Manifest.permission.ACCESS_MTP;		import static android.Manifest.permission.ACCESS_MTP;
	import static android.Manifest.permission.INSTALL_PACKAGES;		import static android.Manifest.permission.INSTALL_PACKAGES;
	import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE;		import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE;
	import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
	import static android.app.AppOpsManager.MODE_ALLOWED;		import static android.app.AppOpsManager.MODE_ALLOWED;
	import static android.app.AppOpsManager.OP_LEGACY_STORAGE;		import static android.app.AppOpsManager.OP_LEGACY_STORAGE;
	import static android.app.AppOpsManager.OP_MANAGE_EXTERNAL_STORAGE;		import static android.app.AppOpsManager.OP_MANAGE_EXTERNAL_STORAGE;
	import static android.app.AppOpsManager.OP_REQUEST_INSTALL_PACKAGES;		import static android.app.AppOpsManager.OP_REQUEST_INSTALL_PACKAGES;
	import static android.app.AppOpsManager.OP_WRITE_EXTERNAL_STORAGE;
	import static android.app.PendingIntent.FLAG_CANCEL_CURRENT;		import static android.app.PendingIntent.FLAG_CANCEL_CURRENT;
	import static android.app.PendingIntent.FLAG_IMMUTABLE;		import static android.app.PendingIntent.FLAG_IMMUTABLE;
	import static android.app.PendingIntent.FLAG_ONE_SHOT;		import static android.app.PendingIntent.FLAG_ONE_SHOT;
	@@ -4505,11 +4503,7 @@ class StorageManagerService extends IStorageManager.Stub
	}		}
	}		}

	// Determine if caller is holding runtime permission		// We're only willing to give out installer access if they hold
	final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,
	uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE);

	// We're only willing to give out installer access if they also hold
	// runtime permission; this is a firm CDD requirement		// runtime permission; this is a firm CDD requirement
	final boolean hasInstall = mIPackageManager.checkUidPermission(INSTALL_PACKAGES,		final boolean hasInstall = mIPackageManager.checkUidPermission(INSTALL_PACKAGES,
	uid) == PERMISSION_GRANTED;		uid) == PERMISSION_GRANTED;
	@@ -4525,7 +4519,7 @@ class StorageManagerService extends IStorageManager.Stub
	break;		break;
	}		}
	}		}
	if ((hasInstall \|\| hasInstallOp) && hasWrite) {		if (hasInstall \|\| hasInstallOp) {
	return StorageManager.MOUNT_MODE_EXTERNAL_INSTALLER;		return StorageManager.MOUNT_MODE_EXTERNAL_INSTALLER;
	}		}
	return StorageManager.MOUNT_MODE_EXTERNAL_DEFAULT;		return StorageManager.MOUNT_MODE_EXTERNAL_DEFAULT;