Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 68b3e186 authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Remove greylist of apps that gain legacy access. 

Per design pivot, access to legacy behavior will be determined by
the new "allowExternalStorageSandbox" manifest flag.

Bug: 124818022, 129487770
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I169e5eb3612c23aad47204cde9ff263f9df6f8c1
parent 8f8cf343

cmds/sm/src/com/android/commands/sm/Sm.java

+0 −8
Original line number Diff line number Diff line
@@ -103,8 +103,6 @@ public final class Sm { 
            runSetVirtualDisk();

        } else if ("set-isolated-storage".equals(op)) {

            runIsolatedStorage();

        } else if ("set-legacy-greylist".equals(op)) {

            runLegacyGreylist();

        } else {

            throw new IllegalArgumentException();

        }
@@ -306,12 +304,6 @@ public final class Sm { 
        mSm.setDebugFlags(value, mask);

    }



    public void runLegacyGreylist() throws RemoteException {

        final boolean legacyGreylist = Boolean.parseBoolean(nextArg());

        mSm.setDebugFlags(legacyGreylist ? StorageManager.DEBUG_LEGACY_GREYLIST : 0,

                StorageManager.DEBUG_LEGACY_GREYLIST);

    }



    public void runIdleMaint() throws RemoteException {

        final boolean im_run = "run".equals(nextArg());

        if (im_run) {

core/java/android/os/storage/StorageManager.java

+0 −4
Original line number Diff line number Diff line
@@ -152,8 +152,6 @@ public class StorageManager { 
    public static final String PROP_ISOLATED_STORAGE = "persist.sys.isolated_storage";

    /** {@hide} */

    public static final String PROP_ISOLATED_STORAGE_SNAPSHOT = "sys.isolated_storage_snapshot";

    /** {@hide} */

    public static final String PROP_LEGACY_GREYLIST = "persist.sys.legacy_greylist";



    /** {@hide} */

    public static final String PROP_FORCE_AUDIO = "persist.fw.force_audio";
@@ -251,8 +249,6 @@ public class StorageManager { 
    public static final int DEBUG_ISOLATED_STORAGE_FORCE_ON = 1 << 6;

    /** {@hide} */

    public static final int DEBUG_ISOLATED_STORAGE_FORCE_OFF = 1 << 7;

    /** {@hide} */

    public static final int DEBUG_LEGACY_GREYLIST = 1 << 8;



    /** {@hide} */

    public static final int FLAG_STORAGE_DE = IInstalld.FLAG_STORAGE_DE;

services/core/java/com/android/server/StorageManagerService.java

+6 −66
Original line number Diff line number Diff line
@@ -210,9 +210,6 @@ class StorageManagerService extends IStorageManager.Stub 


    private static final boolean ENABLE_ISOLATED_STORAGE = StorageManager.hasIsolatedStorage();



    private static final boolean ENABLE_LEGACY_GREYLIST = SystemProperties

            .getBoolean(StorageManager.PROP_LEGACY_GREYLIST, true);



    /**

     * If {@code 1}, enables the isolated storage feature. If {@code -1},

     * disables the isolated storage feature. If {@code 0}, uses the default
@@ -1733,7 +1730,7 @@ class StorageManagerService extends IStorageManager.Stub 


                final long lastAccess = getLastAccessTime(appOps, uid, packageName, new int[] {

                        AppOpsManager.OP_READ_EXTERNAL_STORAGE,

                        OP_WRITE_EXTERNAL_STORAGE,

                        AppOpsManager.OP_WRITE_EXTERNAL_STORAGE,

                });



                Log.d(TAG, "Found " + uid + " " + packageName
@@ -2394,23 +2391,6 @@ class StorageManagerService extends IStorageManager.Stub 
                Binder.restoreCallingIdentity(token);

            }

        }



        if ((mask & StorageManager.DEBUG_LEGACY_GREYLIST) != 0) {

            final boolean enabled = (flags & StorageManager.DEBUG_LEGACY_GREYLIST) != 0;



            final long token = Binder.clearCallingIdentity();

            try {

                SystemProperties.set(StorageManager.PROP_LEGACY_GREYLIST,

                        Boolean.toString(enabled));



                // Perform hard reboot to kick policy into place

                mHandler.post(() -> {

                    mContext.getSystemService(PowerManager.class).reboot(null);

                });

            } finally {

                Binder.restoreCallingIdentity(token);

            }

        }

    }



    @Override
@@ -3884,8 +3864,11 @@ class StorageManagerService extends IStorageManager.Stub 
            // they hold the runtime permission

            final boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE,

                    uid, packageName) == MODE_ALLOWED;

            final boolean hasGreylist = isLegacyGreylisted(packageName);

            if ((hasLegacy || hasGreylist) && hasStorage) {

            // STOPSHIP: only use app-op once permission model has fully landed

            final boolean requestedLegacy = !mIPackageManager

                    .getApplicationInfo(packageName, 0, UserHandle.getUserId(uid))

                    .isExternalStorageSandboxAllowed();

            if ((hasLegacy || requestedLegacy) && hasStorage) {

                return Zygote.MOUNT_EXTERNAL_LEGACY;

            } else {

                return Zygote.MOUNT_EXTERNAL_WRITE;
@@ -3896,49 +3879,6 @@ class StorageManagerService extends IStorageManager.Stub 
        return Zygote.MOUNT_EXTERNAL_NONE;

    }



    private boolean isLegacyGreylisted(String packageName) {

        // TODO: decide legacy defaults at install time based on signals

        if (ENABLE_LEGACY_GREYLIST) {

            // STOPSHIP: remove this temporary workaround once developers

            // fix bugs where they're opening _data paths in native code

            switch (packageName) {

                case "com.facebook.katana": // b/123996076

                case "jp.naver.line.android": // b/124767356

                case "com.mxtech.videoplayer.ad": // b/124531483

                case "com.whatsapp": // b/124766614

                case "com.maxmpz.audioplayer": // b/127886230

                case "com.estrongs.android.pop": // b/127926473

                case "com.roidapp.photogrid": // b/128269119

                case "com.cleanmaster.mguard": // b/128384413

                case "com.skype.raider": // b/128487044

                case "org.telegram.messenger": // b/128652960

                case "com.jrtstudio.AnotherMusicPlayer": // b/129084562

                case "ak.alizandro.smartaudiobookplayer": // b/129084042

                case "com.campmobile.snow": // b/128803870

                case "com.qnap.qfile": // b/126374406

                case "com.google.android.apps.photos": // b/125506293

                case "com.facebook.mlite": // b/126561155

                case "com.ss.android.ugc.trill": // b/126610656

                case "com.instagram.android": // b/127526615

                case "com.facebook.orca": // b/128255453

                case "org.videolan.vlc": // b/128391743

                case "vStudio.Android.Camera360": // b/128882110

                case "com.twitter.android": // b/128948908

                case "com.tumblr": // b/129022664

                case "com.sina.weibo": // b/129029018

                case "com.kwai.video": // b/129037235

                case "com.fotoable.photocollage": // b/129236353

                case "com.xvideostudio.videoeditor": // b/129247146

                case "app.buzz.share": // b/129304005

                case "com.ss.android.article.topbuzzvideo.en": // b/129303979

                case "com.linecorp.b612.android": // b/129318512

                case "com.google.android.GoogleCamera": // b/128326994

                    return true;

            }

        }

        return false;

    }



    private static class Callbacks extends Handler {

        private static final int MSG_STORAGE_STATE_CHANGED = 1;

        private static final int MSG_VOLUME_STATE_CHANGED = 2;