Loading core/java/android/os/ZygoteProcess.java +0 −8 Original line number Diff line number Diff line Loading @@ -657,16 +657,8 @@ public class ZygoteProcess { argsForZygote.add("--runtime-flags=" + runtimeFlags); if (mountExternal == Zygote.MOUNT_EXTERNAL_DEFAULT) { argsForZygote.add("--mount-external-default"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_READ) { argsForZygote.add("--mount-external-read"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_WRITE) { argsForZygote.add("--mount-external-write"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_FULL) { argsForZygote.add("--mount-external-full"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_INSTALLER) { argsForZygote.add("--mount-external-installer"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_LEGACY) { argsForZygote.add("--mount-external-legacy"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_PASS_THROUGH) { argsForZygote.add("--mount-external-pass-through"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE) { Loading core/java/com/android/internal/os/Zygote.java +0 −12 Original line number Diff line number Diff line Loading @@ -179,23 +179,11 @@ public final class Zygote { public static final int MOUNT_EXTERNAL_NONE = IVold.REMOUNT_MODE_NONE; /** Default external storage should be mounted. */ public static final int MOUNT_EXTERNAL_DEFAULT = IVold.REMOUNT_MODE_DEFAULT; /** Read-only external storage should be mounted. */ public static final int MOUNT_EXTERNAL_READ = IVold.REMOUNT_MODE_READ; /** Read-write external storage should be mounted. */ public static final int MOUNT_EXTERNAL_WRITE = IVold.REMOUNT_MODE_WRITE; /** * Mount mode for apps that are already installed on the device before the isolated_storage * feature is enabled. */ public static final int MOUNT_EXTERNAL_LEGACY = IVold.REMOUNT_MODE_LEGACY; /** * Mount mode for package installers which should give them access to * all obb dirs in addition to their package sandboxes */ public static final int MOUNT_EXTERNAL_INSTALLER = IVold.REMOUNT_MODE_INSTALLER; /** Read-write external storage should be mounted instead of package sandbox */ public static final int MOUNT_EXTERNAL_FULL = IVold.REMOUNT_MODE_FULL; /** The lower file system should be bind mounted directly on external storage */ public static final int MOUNT_EXTERNAL_PASS_THROUGH = IVold.REMOUNT_MODE_PASS_THROUGH; Loading core/java/com/android/internal/os/ZygoteArguments.java +1 −9 Original line number Diff line number Diff line Loading @@ -395,16 +395,8 @@ class ZygoteArguments { mNiceName = getAssignmentValue(arg); } else if (arg.equals("--mount-external-default")) { mMountExternal = Zygote.MOUNT_EXTERNAL_DEFAULT; } else if (arg.equals("--mount-external-read")) { mMountExternal = Zygote.MOUNT_EXTERNAL_READ; } else if (arg.equals("--mount-external-write")) { mMountExternal = Zygote.MOUNT_EXTERNAL_WRITE; } else if (arg.equals("--mount-external-full")) { mMountExternal = Zygote.MOUNT_EXTERNAL_FULL; } else if (arg.equals("--mount-external-installer")) { mMountExternal = Zygote.MOUNT_EXTERNAL_INSTALLER; } else if (arg.equals("--mount-external-legacy")) { mMountExternal = Zygote.MOUNT_EXTERNAL_LEGACY; } else if (arg.equals("--mount-external-pass-through")) { mMountExternal = Zygote.MOUNT_EXTERNAL_PASS_THROUGH; } else if (arg.equals("--mount-external-android-writable")) { Loading core/jni/com_android_internal_os_Zygote.cpp +12 −38 Original line number Diff line number Diff line Loading @@ -115,7 +115,6 @@ typedef const std::function<void(std::string)>& fail_fn_t; static pid_t gSystemServerPid = 0; static constexpr const char* kVoldAppDataIsolation = "persist.sys.vold_app_data_isolation_enabled"; static constexpr const char* kPropFuse = "persist.sys.fuse"; static const char kZygoteClassName[] = "com/android/internal/os/Zygote"; static jclass gZygoteClass; static jmethodID gCallPostForkSystemServerHooks; Loading Loading @@ -305,33 +304,17 @@ static std::array<UsapTableEntry, USAP_POOL_SIZE_MAX_LIMIT> gUsapTable; static FileDescriptorTable* gOpenFdTable = nullptr; // Must match values in com.android.internal.os.Zygote. // The order of entries here must be kept in sync with ExternalStorageViews array values. // Note that there are gaps in the constants: // This is to further keep the values consistent with IVold.aidl enum MountExternalKind { MOUNT_EXTERNAL_NONE = 0, MOUNT_EXTERNAL_DEFAULT = 1, MOUNT_EXTERNAL_READ = 2, MOUNT_EXTERNAL_WRITE = 3, MOUNT_EXTERNAL_LEGACY = 4, MOUNT_EXTERNAL_INSTALLER = 5, MOUNT_EXTERNAL_FULL = 6, MOUNT_EXTERNAL_PASS_THROUGH = 7, MOUNT_EXTERNAL_ANDROID_WRITABLE = 8, MOUNT_EXTERNAL_COUNT = 9 }; // The order of entries here must be kept in sync with MountExternalKind enum values. static const std::array<const std::string, MOUNT_EXTERNAL_COUNT> ExternalStorageViews = { "", // MOUNT_EXTERNAL_NONE "/mnt/runtime/default", // MOUNT_EXTERNAL_DEFAULT "/mnt/runtime/read", // MOUNT_EXTERNAL_READ "/mnt/runtime/write", // MOUNT_EXTERNAL_WRITE "/mnt/runtime/write", // MOUNT_EXTERNAL_LEGACY "/mnt/runtime/write", // MOUNT_EXTERNAL_INSTALLER "/mnt/runtime/full", // MOUNT_EXTERNAL_FULL "/mnt/runtime/full", // MOUNT_EXTERNAL_PASS_THROUGH (only used w/ FUSE) "/mnt/runtime/full", // MOUNT_EXTERNAL_ANDROID_WRITABLE (only used w/ FUSE) }; // Must match values in com.android.internal.os.Zygote. enum RuntimeFlags : uint32_t { DEBUG_ENABLE_JDWP = 1, Loading Loading @@ -832,10 +815,8 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, PrepareDir(user_source, 0710, user_id ? AID_ROOT : AID_SHELL, multiuser_get_uid(user_id, AID_EVERYBODY), fail_fn); bool isFuse = GetBoolProperty(kPropFuse, false); bool isAppDataIsolationEnabled = GetBoolProperty(kVoldAppDataIsolation, false); if (isFuse) { if (mount_mode == MOUNT_EXTERNAL_PASS_THROUGH) { const std::string pass_through_source = StringPrintf("/mnt/pass_through/%d", user_id); PrepareDir(pass_through_source, 0710, AID_ROOT, AID_MEDIA_RW, fail_fn); Loading @@ -849,13 +830,6 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, } else { BindMount(user_source, "/storage", fail_fn); } } else { const std::string& storage_source = ExternalStorageViews[mount_mode]; BindMount(storage_source, "/storage", fail_fn); // Mount user-specific symlink helper into place BindMount(user_source, "/storage/self", fail_fn); } } static bool NeedsNoRandomizeWorkaround() { Loading services/core/java/com/android/server/StorageManagerService.java +1 −25 Original line number Diff line number Diff line Loading @@ -18,9 +18,7 @@ package com.android.server; import static android.Manifest.permission.ACCESS_MTP; import static android.Manifest.permission.INSTALL_PACKAGES; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.app.ActivityManager.PROCESS_STATE_NONEXISTENT; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; Loading Loading @@ -4337,19 +4335,9 @@ class StorageManagerService extends IStorageManager.Stub } // Determine if caller is holding runtime permission final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, uid, packageName, READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE); final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE); // We're only willing to give out broad access if they also hold // runtime permission; this is a firm CDD requirement final boolean hasFull = mIPackageManager.checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED; if (hasFull && hasWrite) { return Zygote.MOUNT_EXTERNAL_FULL; } // We're only willing to give out installer access if they also hold // runtime permission; this is a firm CDD requirement final boolean hasInstall = mIPackageManager.checkUidPermission(INSTALL_PACKAGES, Loading @@ -4369,19 +4357,7 @@ class StorageManagerService extends IStorageManager.Stub if ((hasInstall || hasInstallOp) && hasWrite) { return Zygote.MOUNT_EXTERNAL_INSTALLER; } // Otherwise we're willing to give out sandboxed or non-sandboxed if // they hold the runtime permission boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE, uid, packageName) == MODE_ALLOWED; if (hasLegacy && hasWrite) { return Zygote.MOUNT_EXTERNAL_WRITE; } else if (hasLegacy && hasRead) { return Zygote.MOUNT_EXTERNAL_READ; } else { return Zygote.MOUNT_EXTERNAL_DEFAULT; } } catch (RemoteException e) { // Should not happen } Loading Loading
core/java/android/os/ZygoteProcess.java +0 −8 Original line number Diff line number Diff line Loading @@ -657,16 +657,8 @@ public class ZygoteProcess { argsForZygote.add("--runtime-flags=" + runtimeFlags); if (mountExternal == Zygote.MOUNT_EXTERNAL_DEFAULT) { argsForZygote.add("--mount-external-default"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_READ) { argsForZygote.add("--mount-external-read"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_WRITE) { argsForZygote.add("--mount-external-write"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_FULL) { argsForZygote.add("--mount-external-full"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_INSTALLER) { argsForZygote.add("--mount-external-installer"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_LEGACY) { argsForZygote.add("--mount-external-legacy"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_PASS_THROUGH) { argsForZygote.add("--mount-external-pass-through"); } else if (mountExternal == Zygote.MOUNT_EXTERNAL_ANDROID_WRITABLE) { Loading
core/java/com/android/internal/os/Zygote.java +0 −12 Original line number Diff line number Diff line Loading @@ -179,23 +179,11 @@ public final class Zygote { public static final int MOUNT_EXTERNAL_NONE = IVold.REMOUNT_MODE_NONE; /** Default external storage should be mounted. */ public static final int MOUNT_EXTERNAL_DEFAULT = IVold.REMOUNT_MODE_DEFAULT; /** Read-only external storage should be mounted. */ public static final int MOUNT_EXTERNAL_READ = IVold.REMOUNT_MODE_READ; /** Read-write external storage should be mounted. */ public static final int MOUNT_EXTERNAL_WRITE = IVold.REMOUNT_MODE_WRITE; /** * Mount mode for apps that are already installed on the device before the isolated_storage * feature is enabled. */ public static final int MOUNT_EXTERNAL_LEGACY = IVold.REMOUNT_MODE_LEGACY; /** * Mount mode for package installers which should give them access to * all obb dirs in addition to their package sandboxes */ public static final int MOUNT_EXTERNAL_INSTALLER = IVold.REMOUNT_MODE_INSTALLER; /** Read-write external storage should be mounted instead of package sandbox */ public static final int MOUNT_EXTERNAL_FULL = IVold.REMOUNT_MODE_FULL; /** The lower file system should be bind mounted directly on external storage */ public static final int MOUNT_EXTERNAL_PASS_THROUGH = IVold.REMOUNT_MODE_PASS_THROUGH; Loading
core/java/com/android/internal/os/ZygoteArguments.java +1 −9 Original line number Diff line number Diff line Loading @@ -395,16 +395,8 @@ class ZygoteArguments { mNiceName = getAssignmentValue(arg); } else if (arg.equals("--mount-external-default")) { mMountExternal = Zygote.MOUNT_EXTERNAL_DEFAULT; } else if (arg.equals("--mount-external-read")) { mMountExternal = Zygote.MOUNT_EXTERNAL_READ; } else if (arg.equals("--mount-external-write")) { mMountExternal = Zygote.MOUNT_EXTERNAL_WRITE; } else if (arg.equals("--mount-external-full")) { mMountExternal = Zygote.MOUNT_EXTERNAL_FULL; } else if (arg.equals("--mount-external-installer")) { mMountExternal = Zygote.MOUNT_EXTERNAL_INSTALLER; } else if (arg.equals("--mount-external-legacy")) { mMountExternal = Zygote.MOUNT_EXTERNAL_LEGACY; } else if (arg.equals("--mount-external-pass-through")) { mMountExternal = Zygote.MOUNT_EXTERNAL_PASS_THROUGH; } else if (arg.equals("--mount-external-android-writable")) { Loading
core/jni/com_android_internal_os_Zygote.cpp +12 −38 Original line number Diff line number Diff line Loading @@ -115,7 +115,6 @@ typedef const std::function<void(std::string)>& fail_fn_t; static pid_t gSystemServerPid = 0; static constexpr const char* kVoldAppDataIsolation = "persist.sys.vold_app_data_isolation_enabled"; static constexpr const char* kPropFuse = "persist.sys.fuse"; static const char kZygoteClassName[] = "com/android/internal/os/Zygote"; static jclass gZygoteClass; static jmethodID gCallPostForkSystemServerHooks; Loading Loading @@ -305,33 +304,17 @@ static std::array<UsapTableEntry, USAP_POOL_SIZE_MAX_LIMIT> gUsapTable; static FileDescriptorTable* gOpenFdTable = nullptr; // Must match values in com.android.internal.os.Zygote. // The order of entries here must be kept in sync with ExternalStorageViews array values. // Note that there are gaps in the constants: // This is to further keep the values consistent with IVold.aidl enum MountExternalKind { MOUNT_EXTERNAL_NONE = 0, MOUNT_EXTERNAL_DEFAULT = 1, MOUNT_EXTERNAL_READ = 2, MOUNT_EXTERNAL_WRITE = 3, MOUNT_EXTERNAL_LEGACY = 4, MOUNT_EXTERNAL_INSTALLER = 5, MOUNT_EXTERNAL_FULL = 6, MOUNT_EXTERNAL_PASS_THROUGH = 7, MOUNT_EXTERNAL_ANDROID_WRITABLE = 8, MOUNT_EXTERNAL_COUNT = 9 }; // The order of entries here must be kept in sync with MountExternalKind enum values. static const std::array<const std::string, MOUNT_EXTERNAL_COUNT> ExternalStorageViews = { "", // MOUNT_EXTERNAL_NONE "/mnt/runtime/default", // MOUNT_EXTERNAL_DEFAULT "/mnt/runtime/read", // MOUNT_EXTERNAL_READ "/mnt/runtime/write", // MOUNT_EXTERNAL_WRITE "/mnt/runtime/write", // MOUNT_EXTERNAL_LEGACY "/mnt/runtime/write", // MOUNT_EXTERNAL_INSTALLER "/mnt/runtime/full", // MOUNT_EXTERNAL_FULL "/mnt/runtime/full", // MOUNT_EXTERNAL_PASS_THROUGH (only used w/ FUSE) "/mnt/runtime/full", // MOUNT_EXTERNAL_ANDROID_WRITABLE (only used w/ FUSE) }; // Must match values in com.android.internal.os.Zygote. enum RuntimeFlags : uint32_t { DEBUG_ENABLE_JDWP = 1, Loading Loading @@ -832,10 +815,8 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, PrepareDir(user_source, 0710, user_id ? AID_ROOT : AID_SHELL, multiuser_get_uid(user_id, AID_EVERYBODY), fail_fn); bool isFuse = GetBoolProperty(kPropFuse, false); bool isAppDataIsolationEnabled = GetBoolProperty(kVoldAppDataIsolation, false); if (isFuse) { if (mount_mode == MOUNT_EXTERNAL_PASS_THROUGH) { const std::string pass_through_source = StringPrintf("/mnt/pass_through/%d", user_id); PrepareDir(pass_through_source, 0710, AID_ROOT, AID_MEDIA_RW, fail_fn); Loading @@ -849,13 +830,6 @@ static void MountEmulatedStorage(uid_t uid, jint mount_mode, } else { BindMount(user_source, "/storage", fail_fn); } } else { const std::string& storage_source = ExternalStorageViews[mount_mode]; BindMount(storage_source, "/storage", fail_fn); // Mount user-specific symlink helper into place BindMount(user_source, "/storage/self", fail_fn); } } static bool NeedsNoRandomizeWorkaround() { Loading
services/core/java/com/android/server/StorageManagerService.java +1 −25 Original line number Diff line number Diff line Loading @@ -18,9 +18,7 @@ package com.android.server; import static android.Manifest.permission.ACCESS_MTP; import static android.Manifest.permission.INSTALL_PACKAGES; import static android.Manifest.permission.READ_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE; import static android.Manifest.permission.WRITE_MEDIA_STORAGE; import static android.app.ActivityManager.PROCESS_STATE_NONEXISTENT; import static android.app.AppOpsManager.MODE_ALLOWED; import static android.app.AppOpsManager.OP_LEGACY_STORAGE; Loading Loading @@ -4337,19 +4335,9 @@ class StorageManagerService extends IStorageManager.Stub } // Determine if caller is holding runtime permission final boolean hasRead = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, uid, packageName, READ_EXTERNAL_STORAGE, OP_READ_EXTERNAL_STORAGE); final boolean hasWrite = StorageManager.checkPermissionAndCheckOp(mContext, false, 0, uid, packageName, WRITE_EXTERNAL_STORAGE, OP_WRITE_EXTERNAL_STORAGE); // We're only willing to give out broad access if they also hold // runtime permission; this is a firm CDD requirement final boolean hasFull = mIPackageManager.checkUidPermission(WRITE_MEDIA_STORAGE, uid) == PERMISSION_GRANTED; if (hasFull && hasWrite) { return Zygote.MOUNT_EXTERNAL_FULL; } // We're only willing to give out installer access if they also hold // runtime permission; this is a firm CDD requirement final boolean hasInstall = mIPackageManager.checkUidPermission(INSTALL_PACKAGES, Loading @@ -4369,19 +4357,7 @@ class StorageManagerService extends IStorageManager.Stub if ((hasInstall || hasInstallOp) && hasWrite) { return Zygote.MOUNT_EXTERNAL_INSTALLER; } // Otherwise we're willing to give out sandboxed or non-sandboxed if // they hold the runtime permission boolean hasLegacy = mIAppOpsService.checkOperation(OP_LEGACY_STORAGE, uid, packageName) == MODE_ALLOWED; if (hasLegacy && hasWrite) { return Zygote.MOUNT_EXTERNAL_WRITE; } else if (hasLegacy && hasRead) { return Zygote.MOUNT_EXTERNAL_READ; } else { return Zygote.MOUNT_EXTERNAL_DEFAULT; } } catch (RemoteException e) { // Should not happen } Loading
