Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 87a56161 authored Jan 24, 2019 by Jeff Sharkey

Verify permissions are only held by media stack.

The WRITE_MEDIA_STORAGE permission is a very powerful permission that
grants raw storage access to all devices, and as such it's only
appropriate to be granted to the media stack. Any apps with a
user-visible component (such as Camera or Gallery apps) must go
through public MediaStore APIs, to ensure that users have meaningful
permission controls.

For example, if the end user revokes the "Music" permission from an
app, but that app still has raw access to music via
WRITE_MEDIA_STORAGE, that would be a privacy incident.

Bug: 118402224
Test: atest android.permission.cts.ProviderPermissionTest
Change-Id: Iaf649689ff9e6d4eabbdb242852c179500654b56

parent c1b889d2

api/test-current.txt

+1 −0

Original line number	Diff line number	Diff line
		@@ -11,6 +11,7 @@ package android {
		field public static final String MANAGE_ACTIVITY_STACKS = "android.permission.MANAGE_ACTIVITY_STACKS";
		field public static final String READ_CELL_BROADCASTS = "android.permission.READ_CELL_BROADCASTS";
		field public static final String REMOVE_TASKS = "android.permission.REMOVE_TASKS";
		field public static final String WRITE_MEDIA_STORAGE = "android.permission.WRITE_MEDIA_STORAGE";
		field public static final String WRITE_OBB = "android.permission.WRITE_OBB";
		}

core/res/AndroidManifest.xml

+1 −1

Original line number	Diff line number	Diff line
		@@ -2119,7 +2119,7 @@
		<!-- ================================== -->
		<eat-comment />

		<!-- @SystemApi Allows an application to write to internal media storage
		<!-- @SystemApi @TestApi Allows an application to write to internal media storage
		@hide -->
		<permission android:name="android.permission.WRITE_MEDIA_STORAGE"
		android:protectionLevel="signature\|privileged" />