
Commit 87915d66 authored by Sudheer Shanka's avatar Sudheer Shanka

Update storage sandbox path translation methods.

Update these methods to consider if the app is sandboxed or not.
Earlier, only apps with WRITE_MEDIA_STORAGE had access to full
external storage. So, clients had to check this before calling
these translate methods. Now, apps under instrumentation might also
have full storage access and DownloadProvider will also start
using these translate methods. So, instead of having the clients
deal with it, move the logic of checking if an app is sandboxed or
not into these translate methods.

Bug: 117229024
Bug: 119265456
Test: atest MediaProviderTests
Test: atest cts/tests/tests/provider/src/android/provider/cts/MediaStore*
Test: atest services/tests/servicestests/src/com/android/server/StorageManagerServiceTest.java

Change-Id: If679e71a906bb2106752721409b4410557fb3e28
parent 64fdbf5f
+3 −0
@@ -285,4 +285,7 @@ public abstract class ActivityManagerInternal {
    */
    public abstract void setDebugFlagsForStartingActivity(ActivityInfo aInfo, int startFlags,
            ProfilerInfo profilerInfo, Object wmLock);

    /** Checks if process running with given pid has access to full external storage or not */
    public abstract boolean isAppStorageSandboxed(int pid, int uid);
}
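Review bot: The Javadoc on the new `isAppStorageSandboxed` reads as the opposite of what the name returns: it says "has access to full external storage", while the implementation added in this commit returns true when the process does not have full access. Suggest `/** Returns true if the process {@code pid} (running as {@code uid}) has its external storage sandboxed, i.e. it does not have full external storage access. */`. It would also help to state what the result is for a pid that is not a known process, since callers decide whether to translate a path based on it.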
+2 −2
@@ -188,6 +188,6 @@ interface IStorageManager {
    void allocateBytes(String volumeUuid, long bytes, int flags, String callingPackage) = 78;
    void runIdleMaintenance() = 79;
    void abortIdleMaintenance() = 80;
    String translateAppToSystem(String path, String packageName, int userId) = 81;
    String translateSystemToApp(String path, String packageName, int userId) = 82;
    String translateAppToSystem(String path, int pid, int uid) = 81;
    String translateSystemToApp(String path, int pid, int uid) = 82;
}
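Review bot: The new `translateAppToSystem`/`translateSystemToApp` signatures carry no comment saying whose `pid`/`uid` these are, so an implementer cannot tell from the interface whether they must be the binder caller's identity or may name another app. The previous `packageName`/`userId` form had the same gap, but the switch to process identity makes it more important to spell out; a one-line comment above each method would do, e.g. `// pid/uid identify the app whose external-storage view the path is translated for.`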
+4 −4
@@ -1546,13 +1546,13 @@ public class StorageManager {
     *
     * @hide
     */
    public File translateAppToSystem(File file, String packageName) {
    public File translateAppToSystem(File file, int pid, int uid) {
        // We can only translate absolute paths
        if (!file.isAbsolute()) return file;

        try {
            return new File(mStorageManager.translateAppToSystem(file.getAbsolutePath(),
                    packageName, mContext.getUserId()));
                    pid, uid));
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
@@ -1564,13 +1564,13 @@ public class StorageManager {
     *
     * @hide
     */
    public File translateSystemToApp(File file, String packageName) {
    public File translateSystemToApp(File file, int pid, int uid) {
        // We can only translate absolute paths
        if (!file.isAbsolute()) return file;

        try {
            return new File(mStorageManager.translateSystemToApp(file.getAbsolutePath(),
                    packageName, mContext.getUserId()));
                    pid, uid));
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        }
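Review bot: The Javadoc bodies of both `translateAppToSystem` and `translateSystemToApp` start above these hunks and are not shown, so any `@param packageName` tag they carried is now stale after the change to `(File file, int pid, int uid)`; both methods should gain `@param pid` and `@param uid` tags describing the process the path is translated for. Since `mContext.getUserId()` is no longer passed, the Javadoc should also say that the user is now implied by `uid`, if that is what the service derives it from. The same applies to the second method in this section.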
+15 −11
@@ -38,6 +38,7 @@ import static org.xmlpull.v1.XmlPullParser.START_TAG;
import android.Manifest;
import android.annotation.Nullable;
import android.app.ActivityManager;
import android.app.ActivityManagerInternal;
import android.app.AppOpsManager;
import android.app.IActivityManager;
import android.app.KeyguardManager;
@@ -450,6 +451,7 @@ class StorageManagerService extends IStorageManager.Stub

    private PackageManagerInternal mPmInternal;
    private UserManagerInternal mUmInternal;
    private ActivityManagerInternal mAmInternal;

    private final Callbacks mCallbacks;
    private final LockPatternUtils mLockPatternUtils;
@@ -1439,6 +1441,7 @@ class StorageManagerService extends IStorageManager.Stub

        mPmInternal = LocalServices.getService(PackageManagerInternal.class);
        mUmInternal = LocalServices.getService(UserManagerInternal.class);
        mAmInternal = LocalServices.getService(ActivityManagerInternal.class);

        HandlerThread hthread = new HandlerThread(TAG);
        hthread.start();
@@ -3040,25 +3043,25 @@ class StorageManagerService extends IStorageManager.Stub
            "(?i)^(/storage/[^/]+/(?:[0-9]+/)?)(.*)");

    @Override
    public String translateAppToSystem(String path, String packageName, int userId) {
        return translateInternal(path, packageName, userId, true);
    public String translateAppToSystem(String path, int pid, int uid) {
        return translateInternal(path, pid, uid, true);
    }

    @Override
    public String translateSystemToApp(String path, String packageName, int userId) {
        return translateInternal(path, packageName, userId, false);
    public String translateSystemToApp(String path, int pid, int uid) {
        return translateInternal(path, pid, uid, false);
    }

    private String translateInternal(String path, String packageName, int userId,
            boolean toSystem) {
    private String translateInternal(String path, int pid, int uid, boolean toSystem) {
        if (!ENABLE_ISOLATED_STORAGE) return path;

        if (path.contains("/../")) {
            throw new SecurityException("Shady looking path " + path);
        }

        final String sharedUserId = mPmInternal.getSharedUserIdForPackage(packageName);
        final String sandboxId = getSandboxId(packageName, sharedUserId);
        if (!mAmInternal.isAppStorageSandboxed(pid, uid)) {
            return path;
        }

        final Matcher m = PATTERN_TRANSLATE.matcher(path);
        if (m.matches()) {
@@ -3067,9 +3070,7 @@ class StorageManagerService extends IStorageManager.Stub

            // Does path belong to any packages belonging to this UID? If so,
            // they get to go straight through to legacy paths.
            final String[] pkgs = (sharedUserId == null)
                    ? new String[] {packageName}
                    : mPmInternal.getPackagesForSharedUserId(sharedUserId, userId);
            final String[] pkgs = mContext.getPackageManager().getPackagesForUid(uid);
            for (String pkg : pkgs) {
                if (devicePath.startsWith("Android/data/" + pkg + "/") ||
                        devicePath.startsWith("Android/media/" + pkg + "/") ||
@@ -3078,6 +3079,9 @@ class StorageManagerService extends IStorageManager.Stub
                }
            }

            final String sharedUserId = mPmInternal.getSharedUserIdForPackage(pkgs[0]);
            final String sandboxId = getSandboxId(pkgs[0], sharedUserId);

            if (toSystem) {
                // Everything else goes into sandbox.
                return device + "Android/sandbox/" + sandboxId + "/" + devicePath;
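Review bot: `mContext.getPackageManager().getPackagesForUid(uid)` may return null for a uid with no packages, and the new code dereferences the result unconditionally in `for (String pkg : pkgs)` and again in `getSharedUserIdForPackage(pkgs[0])`, which the old `new String[] {packageName}` fallback never did. At this point the app has already been judged sandboxed, so the safe reaction is to fail closed rather than pass the path through unchanged: `if (pkgs == null || pkgs.length == 0) { throw new SecurityException("No packages for uid " + uid); }` before the loop. Separately, `pid` and `uid` arrive as plain binder arguments and nothing visible in this hunk compares them with `Binder.getCallingPid()`/`Binder.getCallingUid()` or enforces a permission, so a caller is evaluated under whatever process's mount mode it names; if that check lives outside the shown lines, a comment at the top of `translateInternal` saying where would help the next reader. The body of `translateInternal` continues past the end of this hunk.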
+12 −0
@@ -318,6 +318,7 @@ import com.android.internal.os.ByteTransferPipe;
import com.android.internal.os.IResultReceiver;
import com.android.internal.os.ProcessCpuTracker;
import com.android.internal.os.TransferPipe;
import com.android.internal.os.Zygote;
import com.android.internal.telephony.TelephonyIntents;
import com.android.internal.util.ArrayUtils;
import com.android.internal.util.DumpUtils;
@@ -19176,6 +19177,17 @@ public class ActivityManagerService extends IActivityManager.Stub
                }
            }
        }
        @Override
        public boolean isAppStorageSandboxed(int pid, int uid) {
            if (!SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
                return false;
            }
            synchronized (mPidsSelfLocked) {
                final ProcessRecord pr = mPidsSelfLocked.get(pid);
                return pr == null || pr.mountMode != Zygote.MOUNT_EXTERNAL_FULL;
            }
        }
    }
    long inputDispatchingTimedOut(int pid, final boolean aboveSystem, String reason) {
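Review bot: The `uid` argument of the new `isAppStorageSandboxed` is never read: the lookup is by `pid` alone and the record found is not checked against the uid the caller claims, so a caller that names a pid of another process with `MOUNT_EXTERNAL_FULL` together with an unrelated uid is reported as not sandboxed. Treating a mismatch as sandboxed keeps the method fail-closed: `return pr == null || pr.uid != uid || pr.mountMode != Zygote.MOUNT_EXTERNAL_FULL;` (assuming `ProcessRecord` exposes its uid as a `uid` field). The `pr == null` → true branch is a deliberate fail-closed choice worth a comment, e.g. `// Unknown pid: assume sandboxed rather than grant full access.` The enclosing local-service class begins outside this hunk.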