Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 36e16b2e authored by Zim's avatar Zim Committed by Zimuzo Ezeozue
Browse files

Restrict access_mtp permission access to Android/ 

Ensure only platform signed apps holding the access_mtp permission can
access the sensitive Android/

TODO: On devices without sdcardfs, will also need to give the two new
ext_data_rw and ext_obb_rw gids to these processes. May need to do
same for apps with pass_through mount mode as well

Test: MTP app still has sdcard_rw
Bug: 148555237

Change-Id: I140a2ffec8a5887c7cd25d6976ee19555f2a47c1
parent f6e58c9f

services/core/java/com/android/server/StorageManagerService.java

+6 −2
Original line number Diff line number Diff line
@@ -3941,9 +3941,13 @@ class StorageManagerService extends IStorageManager.Stub 
            final boolean hasMtp = mIPackageManager.checkUidPermission(ACCESS_MTP, uid) ==

                    PERMISSION_GRANTED;

            if (mIsFuseEnabled && hasMtp) {

                // The process hosting the MTP server should be able to write in Android/

                ApplicationInfo ai = mIPackageManager.getApplicationInfo(packageName,

                        0, UserHandle.getUserId(uid));

                if (ai.isSignedWithPlatformKey()) {

                    // Platform processes hosting the MTP server should be able to write in Android/

                    return Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE;

                }

            }



            // Determine if caller is holding runtime permission

            final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,