
Commit 45810afb authored by Chad Brubaker

Don't use noteop for preflight checks

Test: apps don't show as accessing location on start
Fixes: 130187488
Change-Id: Iacd7edbadab64f43229b5d6f8056bb076c4f280c
parent e5b5f30f
+2 −2
@@ -1148,9 +1148,9 @@ public class Environment {
        final Context context = AppGlobals.getInitialApplication();
        final AppOpsManager appOps = context.getSystemService(AppOpsManager.class);

        final boolean hasLegacy = appOps.noteOpNoThrow(AppOpsManager.OP_LEGACY_STORAGE,
        final boolean hasLegacy = appOps.checkOpNoThrow(AppOpsManager.OP_LEGACY_STORAGE,
                context.getApplicationInfo().uid,
                context.getPackageName()) == AppOpsManager.MODE_ALLOWED;
                context.getOpPackageName()) == AppOpsManager.MODE_ALLOWED;

        // STOPSHIP: only use app-op once permission model has fully landed
        final boolean requestedLegacy = !AppGlobals.getInitialApplication().getApplicationInfo()
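Review bot: The `hasLegacy` lookup now calls `checkOpNoThrow`, but nothing at the call site says why it must not note, so a later cleanup could turn it back into `noteOpNoThrow` and reintroduce the spurious access record the commit is fixing. I would add a comment above it, for example `// Preflight only: check, don't note, so no access is recorded for the app.` The same comment is missing at the `hasRead`/`hasWrite` lookups in StorageManagerService, which switch to `checkPermissionAndCheckOp` for the same reason. The enclosing method starts and ends outside this hunk.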
+35 −1
@@ -1652,6 +1652,26 @@ public class StorageManager {
     */
    public static boolean checkPermissionAndAppOp(Context context, boolean enforce,
            int pid, int uid, String packageName, String permission, int op) {
        return checkPermissionAndAppOp(context, enforce, pid, uid, packageName, permission, op,
                true);
    }

    /**
     * Check that given app holds both permission and appop but do not noteOp.
     * @hide
     */
    public static boolean checkPermissionAndCheckOp(Context context, boolean enforce,
            int pid, int uid, String packageName, String permission, int op) {
        return checkPermissionAndAppOp(context, enforce, pid, uid, packageName, permission, op,
                false);
    }

    /**
     * Check that given app holds both permission and appop.
     * @hide
     */
    private static boolean checkPermissionAndAppOp(Context context, boolean enforce,
            int pid, int uid, String packageName, String permission, int op, boolean note) {
        if (context.checkPermission(permission, pid, uid) != PERMISSION_GRANTED) {
            if (enforce) {
                throw new SecurityException(
@@ -1662,7 +1682,21 @@ public class StorageManager {
        }

        AppOpsManager appOps = context.getSystemService(AppOpsManager.class);
        final int mode = appOps.noteOpNoThrow(op, uid, packageName);
        final int mode;
        if (note) {
            mode = appOps.noteOpNoThrow(op, uid, packageName);
        } else {
            try {
                appOps.checkPackage(uid, packageName);
            } catch (SecurityException e) {
                if (enforce) {
                    throw e;
                } else {
                    return false;
                }
            }
            mode = appOps.checkOpNoThrow(op, uid, packageName);
        }
        switch (mode) {
            case AppOpsManager.MODE_ALLOWED:
                return true;
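Review bot: The Javadoc on `checkPermissionAndCheckOp` says only that it does not noteOp; it should also say that the method is for preflight decisions and leaves no app-op access record, so any path that actually hands out data must keep using `checkPermissionAndAppOp`. In the `else` branch the explicit `appOps.checkPackage(uid, packageName)` deserves a why-comment such as `// checkOp is not relied on to verify that packageName belongs to uid`; that is presumably its purpose, but confirm against AppOpsManager. With `enforce` false a uid/package mismatch is folded silently into a `false` result, which is worth stating in the doc because callers cannot tell it apart from a denied permission. The private overload leaves its `note` parameter undocumented and carries an `@hide` tag that has no effect on a private method. The method body continues past the end of the second hunk.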
+2 −2
@@ -3836,9 +3836,9 @@ class StorageManagerService extends IStorageManager.Stub
            }

            // Determine if caller is holding runtime permission
            final boolean hasRead = StorageManager.checkPermissionAndAppOp(mContext, false, 0,
            final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,
                    uid, packageName, READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE);
            final boolean hasWrite = StorageManager.checkPermissionAndAppOp(mContext, false, 0,
            final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0,
                    uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE);
            // STOPSHIP: remove this temporary hack once we have dynamic runtime
            // permissions fully enabled again