Loading core/java/android/os/Process.java +6 −0 Original line number Diff line number Diff line Loading @@ -228,6 +228,12 @@ public class Process { */ public static final int FSVERITY_CERT_UID = 1075; /** * GID that gives access to USB OTG (unreliable) volumes on /mnt/media_rw/<vol name> * @hide */ public static final int EXTERNAL_STORAGE_GID = 1077; /** * GID that gives write access to app-private data directories on external * storage (used on devices without sdcardfs only). Loading core/java/android/os/storage/StorageManagerInternal.java +11 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,17 @@ public abstract class StorageManagerInternal { */ public abstract int getExternalStorageMountMode(int uid, String packageName); /** * Checks whether the {@code packageName} with {@code uid} has full external storage access via * the {@link MANAGE_EXTERNAL_STORAGE} permission. * * @param uid the UID for which to check access. * @param packageName the package in the UID for making the call. * @return whether the {@code packageName} has full external storage access. * Returns {@code true} if it has access, {@code false} otherwise. */ public abstract boolean hasExternalStorageAccess(int uid, String packageName); /** * A listener for reset events in the StorageManagerService. */ Loading data/etc/platform.xml +0 −4 Original line number Diff line number Diff line Loading @@ -60,10 +60,6 @@ <group gid="log" /> </permission> <permission name="android.permission.MANAGE_EXTERNAL_STORAGE" > <group gid="external_storage" /> </permission> <permission name="android.permission.ACCESS_MTP" > <group gid="mtp" /> </permission> Loading services/core/java/com/android/server/StorageManagerService.java +20 −0 Original line number Diff line number Diff line Loading 
@@ -18,6 +18,7 @@ package com.android.server; import static android.Manifest.permission.ACCESS_MTP; import static android.Manifest.permission.INSTALL_PACKAGES; import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; Loading Loading @@ -4605,6 +4606,25 @@ class StorageManagerService extends IStorageManager.Stub return mode; } @Override public boolean hasExternalStorageAccess(int uid, String packageName) { try { if (mIPackageManager.checkUidPermission( MANAGE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) { return true; } if (mIAppOpsService.checkOperation( OP_MANAGE_EXTERNAL_STORAGE, uid, packageName) == MODE_ALLOWED) { return true; } } catch (RemoteException e) { Slog.w("Failed to check MANAGE_EXTERNAL_STORAGE access for " + packageName, e); } return false; } @Override public void addResetListener(StorageManagerInternal.ResetListener listener) { synchronized (mResetListeners) { Loading services/core/java/com/android/server/am/ProcessList.java +11 −2 Original line number Diff line number Diff line Loading @@ -1598,7 +1598,8 @@ public final class ProcessList { } } private int[] computeGidsForProcess(int mountExternal, int uid, int[] permGids) { private int[] computeGidsForProcess(int mountExternal, int uid, int[] permGids, boolean externalStorageAccess) { ArrayList<Integer> gidList = new ArrayList<>(permGids.length + 5); final int sharedAppGid = UserHandle.getSharedAppGid(UserHandle.getAppId(uid)); Loading Loading 
@@ -1644,6 +1645,11 @@ public final class ProcessList { // PublicVolumes: /mnt/media_rw/<volume> gidList.add(Process.MEDIA_RW_GID); } if (externalStorageAccess) { // Apps with MANAGE_EXTERNAL_STORAGE PERMISSION need the external_storage gid to access // USB OTG (unreliable) volumes on /mnt/media_rw/<vol name> gidList.add(Process.EXTERNAL_STORAGE_GID); } int[] gidArray = new int[gidList.size()]; for (int i = 0; i < gidArray.length; i++) { Loading Loading @@ -1805,6 +1811,7 @@ public final class ProcessList { int uid = app.uid; int[] gids = null; int mountExternal = Zygote.MOUNT_EXTERNAL_NONE; boolean externalStorageAccess = false; if (!app.isolated) { int[] permGids = null; try { Loading @@ -1816,6 +1823,8 @@ public final class ProcessList { StorageManagerInternal.class); mountExternal = storageManagerInternal.getExternalStorageMountMode(uid, app.info.packageName); externalStorageAccess = storageManagerInternal.hasExternalStorageAccess(uid, app.info.packageName); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } Loading @@ -1835,7 +1844,7 @@ public final class ProcessList { } } gids = computeGidsForProcess(mountExternal, uid, permGids); gids = computeGidsForProcess(mountExternal, uid, permGids, externalStorageAccess); } app.setMountMode(mountExternal); checkSlow(startTime, "startProcess: building args"); Loading Loading
core/java/android/os/Process.java +6 −0 Original line number Diff line number Diff line Loading @@ -228,6 +228,12 @@ public class Process { */ public static final int FSVERITY_CERT_UID = 1075; /** * GID that gives access to USB OTG (unreliable) volumes on /mnt/media_rw/<vol name> * @hide */ public static final int EXTERNAL_STORAGE_GID = 1077; /** * GID that gives write access to app-private data directories on external * storage (used on devices without sdcardfs only). Loading
core/java/android/os/storage/StorageManagerInternal.java +11 −0 Original line number Diff line number Diff line Loading @@ -38,6 +38,17 @@ public abstract class StorageManagerInternal { */ public abstract int getExternalStorageMountMode(int uid, String packageName); /** * Checks whether the {@code packageName} with {@code uid} has full external storage access via * the {@link MANAGE_EXTERNAL_STORAGE} permission. * * @param uid the UID for which to check access. * @param packageName the package in the UID for making the call. * @return whether the {@code packageName} has full external storage access. * Returns {@code true} if it has access, {@code false} otherwise. */ public abstract boolean hasExternalStorageAccess(int uid, String packageName); /** * A listener for reset events in the StorageManagerService. */ Loading
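Review bot: The Javadoc added for `hasExternalStorageAccess` says access is "via the MANAGE_EXTERNAL_STORAGE permission", but the StorageManagerService implementation in this same commit also returns true when the app-op is allowed, so the documented contract is narrower than the code. `{@link MANAGE_EXTERNAL_STORAGE}` is also unlikely to resolve without a qualifier; `{@link android.Manifest.permission#MANAGE_EXTERNAL_STORAGE}` would. Because the caller turns the result into a supplementary GID, the comment should also state the failure behaviour, e.g. `Returns {@code false} if the permission or app-op state cannot be determined.`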
data/etc/platform.xml +0 −4 Original line number Diff line number Diff line Loading @@ -60,10 +60,6 @@ <group gid="log" /> </permission> <permission name="android.permission.MANAGE_EXTERNAL_STORAGE" > <group gid="external_storage" /> </permission> <permission name="android.permission.ACCESS_MTP" > <group gid="mtp" /> </permission> Loading
services/core/java/com/android/server/StorageManagerService.java +20 −0 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server; import static android.Manifest.permission.ACCESS_MTP; import static android.Manifest.permission.INSTALL_PACKAGES; import static android.Manifest.permission.MANAGE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; Loading Loading @@ -4605,6 +4606,25 @@ class StorageManagerService extends IStorageManager.Stub return mode; } @Override public boolean hasExternalStorageAccess(int uid, String packageName) { try { if (mIPackageManager.checkUidPermission( MANAGE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED) { return true; } if (mIAppOpsService.checkOperation( OP_MANAGE_EXTERNAL_STORAGE, uid, packageName) == MODE_ALLOWED) { return true; } } catch (RemoteException e) { Slog.w("Failed to check MANAGE_EXTERNAL_STORAGE access for " + packageName, e); } return false; } @Override public void addResetListener(StorageManagerInternal.ResetListener listener) { synchronized (mResetListeners) { Loading
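Review bot: `hasExternalStorageAccess` returns true as soon as `checkUidPermission` reports PERMISSION_GRANTED, before the app-op is consulted, so a package whose `OP_MANAGE_EXTERNAL_STORAGE` has been explicitly set to a denying mode would still get the external_storage GID if the permission itself is granted. Reading the op first and falling back to the permission only for `MODE_DEFAULT` keeps an explicit denial authoritative; whether that state can arise depends on how the op is managed elsewhere, which this page does not show. Separately, `Slog.w("Failed to check …" + packageName, e)` passes the message in the tag position; the sketch below assumes the class's usual `TAG` constant. Returning `false` on `RemoteException` is the right fail-closed default and is kept.

```java
public boolean hasExternalStorageAccess(int uid, String packageName) {
    try {
        final int opMode = mIAppOpsService.checkOperation(
                OP_MANAGE_EXTERNAL_STORAGE, uid, packageName);
        if (opMode == AppOpsManager.MODE_DEFAULT) {
            // No explicit decision recorded for the op: fall back to the permission grant.
            return mIPackageManager.checkUidPermission(
                    MANAGE_EXTERNAL_STORAGE, uid) == PERMISSION_GRANTED;
        }
        // An explicit op mode wins; anything other than MODE_ALLOWED denies the GID.
        return opMode == MODE_ALLOWED;
    } catch (RemoteException e) {
        Slog.w(TAG, "Failed to check MANAGE_EXTERNAL_STORAGE access for " + packageName, e);
    }
    return false;
}
```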
services/core/java/com/android/server/am/ProcessList.java +11 −2 Original line number Diff line number Diff line Loading @@ -1598,7 +1598,8 @@ public final class ProcessList { } } private int[] computeGidsForProcess(int mountExternal, int uid, int[] permGids) { private int[] computeGidsForProcess(int mountExternal, int uid, int[] permGids, boolean externalStorageAccess) { ArrayList<Integer> gidList = new ArrayList<>(permGids.length + 5); final int sharedAppGid = UserHandle.getSharedAppGid(UserHandle.getAppId(uid)); Loading Loading @@ -1644,6 +1645,11 @@ public final class ProcessList { // PublicVolumes: /mnt/media_rw/<volume> gidList.add(Process.MEDIA_RW_GID); } if (externalStorageAccess) { // Apps with MANAGE_EXTERNAL_STORAGE PERMISSION need the external_storage gid to access // USB OTG (unreliable) volumes on /mnt/media_rw/<vol name> gidList.add(Process.EXTERNAL_STORAGE_GID); } int[] gidArray = new int[gidList.size()]; for (int i = 0; i < gidArray.length; i++) { Loading Loading @@ -1805,6 +1811,7 @@ public final class ProcessList { int uid = app.uid; int[] gids = null; int mountExternal = Zygote.MOUNT_EXTERNAL_NONE; boolean externalStorageAccess = false; if (!app.isolated) { int[] permGids = null; try { Loading @@ -1816,6 +1823,8 @@ public final class ProcessList { StorageManagerInternal.class); mountExternal = storageManagerInternal.getExternalStorageMountMode(uid, app.info.packageName); externalStorageAccess = storageManagerInternal.hasExternalStorageAccess(uid, app.info.packageName); } catch (RemoteException e) { throw e.rethrowAsRuntimeException(); } Loading @@ -1835,7 +1844,7 @@ public final class ProcessList { } } gids = computeGidsForProcess(mountExternal, uid, permGids); gids = computeGidsForProcess(mountExternal, uid, permGids, externalStorageAccess); } app.setMountMode(mountExternal); checkSlow(startTime, "startProcess: building args"); Loading
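Review bot: `externalStorageAccess` is evaluated once in the process-start path and turned into a supplementary GID by `computeGidsForProcess`, so a running process keeps `Process.EXTERNAL_STORAGE_GID` after the permission or app-op is revoked unless something restarts it. Nothing in the visible hunks shows that restart, so please confirm the revocation path kills the process and record the assumption at the `gidList.add(Process.EXTERNAL_STORAGE_GID)` site, e.g. `// GIDs are fixed at fork; revoking MANAGE_EXTERNAL_STORAGE must kill the process to take effect.` The check is also made only for `app.info.packageName` while the GID applies to the whole process, so for a UID shared by several packages it is worth stating which package's app-op is authoritative. Both `computeGidsForProcess` and the start-process method extend beyond the hunks shown.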