
Commit d563e937 authored by Svet Ganov

Make storage a restricted permission - framework

This change makes storage a soft restricted permission. When the
permission is whitelisted for an app then holding it allows the
app to access the full SD card as on a P device. If however, the
permission is not whitelisted for an app then holding it allows
accessing the visual/aural collections in media store while the
app would run in its own isolated storage sandbox.

This change also connects the opt in/out application attribute
to how external storage is mounted, removing temporary code. The
attribute was renamed to convey that opting in to legacy mode is
not something that is desirable or would be available in the long
run.

While at this also fix the default state of app ops for restricted
permissions to avoid allowing ops for non requested restricted
permissions to every UID as component access could skip permission
checks but cannot skip app op checks.

bug:130327036

atest CtsPermission2TestCases
atest CtsPermissionTestCases
atest CtsAppOpsTestCases
atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ExternalStorageHostTest
atest CtsAppSecurityHostTestCases:android.appsecurity.cts.PermissionsHostTest

Change-Id: Ibb23cbb6a5c66d9c3823cc13562a1b903b391ffd
parent 75d75ce3
+2 −1
@@ -287,7 +287,6 @@ package android {
    field public static final int allowBackup = 16843392; // 0x1010280
    field public static final int allowClearUserData = 16842757; // 0x1010005
    field public static final int allowEmbedded = 16843765; // 0x10103f5
    field public static final int allowExternalStorageSandbox = 16844201; // 0x10105a9
    field public static final int allowParallelSyncs = 16843570; // 0x1010332
    field public static final int allowSingleTap = 16843353; // 0x1010259
    field public static final int allowTaskReparenting = 16843268; // 0x1010204
@@ -1125,6 +1124,7 @@ package android {
    field public static final int reqKeyboardType = 16843304; // 0x1010228
    field public static final int reqNavigation = 16843306; // 0x101022a
    field public static final int reqTouchScreen = 16843303; // 0x1010227
    field public static final int requestLegacyExternalStorage = 16844201; // 0x10105a9
    field public static final int requireDeviceUnlock = 16843756; // 0x10103ec
    field public static final int required = 16843406; // 0x101028e
    field public static final int requiredAccountType = 16843734; // 0x10103d6
@@ -11859,6 +11859,7 @@ package android.content.pm {
    field @NonNull public static final android.os.Parcelable.Creator<android.content.pm.PermissionInfo> CREATOR;
    field public static final int FLAG_COSTS_MONEY = 1; // 0x1
    field public static final int FLAG_HARD_RESTRICTED = 4; // 0x4
    field public static final int FLAG_IMMUTABLY_RESTRICTED = 16; // 0x10
    field public static final int FLAG_INSTALLED = 1073741824; // 0x40000000
    field public static final int FLAG_SOFT_RESTRICTED = 8; // 0x8
    field public static final int PROTECTION_DANGEROUS = 1; // 0x1
+9 −9
@@ -1752,21 +1752,21 @@ public class AppOpsManager {
            AppOpsManager.MODE_ALLOWED, // VIBRATE
            AppOpsManager.MODE_ALLOWED, // READ_CONTACTS
            AppOpsManager.MODE_ALLOWED, // WRITE_CONTACTS
            AppOpsManager.MODE_DEFAULT, // READ_CALL_LOG
            AppOpsManager.MODE_DEFAULT, // WRITE_CALL_LOG
            AppOpsManager.MODE_ALLOWED, // READ_CALL_LOG
            AppOpsManager.MODE_ALLOWED, // WRITE_CALL_LOG
            AppOpsManager.MODE_ALLOWED, // READ_CALENDAR
            AppOpsManager.MODE_ALLOWED, // WRITE_CALENDAR
            AppOpsManager.MODE_ALLOWED, // WIFI_SCAN
            AppOpsManager.MODE_ALLOWED, // POST_NOTIFICATION
            AppOpsManager.MODE_ALLOWED, // NEIGHBORING_CELLS
            AppOpsManager.MODE_ALLOWED, // CALL_PHONE
            AppOpsManager.MODE_DEFAULT, // READ_SMS
            AppOpsManager.MODE_ALLOWED, // READ_SMS
            AppOpsManager.MODE_IGNORED, // WRITE_SMS
            AppOpsManager.MODE_DEFAULT, // RECEIVE_SMS
            AppOpsManager.MODE_ALLOWED, // RECEIVE_SMS
            AppOpsManager.MODE_ALLOWED, // RECEIVE_EMERGENCY_BROADCAST
            AppOpsManager.MODE_DEFAULT, // RECEIVE_MMS
            AppOpsManager.MODE_DEFAULT, // RECEIVE_WAP_PUSH
            AppOpsManager.MODE_DEFAULT, // SEND_SMS
            AppOpsManager.MODE_ALLOWED, // RECEIVE_MMS
            AppOpsManager.MODE_ALLOWED, // RECEIVE_WAP_PUSH
            AppOpsManager.MODE_ALLOWED, // SEND_SMS
            AppOpsManager.MODE_ALLOWED, // READ_ICC_SMS
            AppOpsManager.MODE_ALLOWED, // WRITE_ICC_SMS
            AppOpsManager.MODE_DEFAULT, // WRITE_SETTINGS
@@ -1800,10 +1800,10 @@ public class AppOpsManager {
            AppOpsManager.MODE_ALLOWED, // READ_PHONE_STATE
            AppOpsManager.MODE_ALLOWED, // ADD_VOICEMAIL
            AppOpsManager.MODE_ALLOWED, // USE_SIP
            AppOpsManager.MODE_DEFAULT, // PROCESS_OUTGOING_CALLS
            AppOpsManager.MODE_ALLOWED, // PROCESS_OUTGOING_CALLS
            AppOpsManager.MODE_ALLOWED, // USE_FINGERPRINT
            AppOpsManager.MODE_ALLOWED, // BODY_SENSORS
            AppOpsManager.MODE_DEFAULT, // READ_CELL_BROADCASTS
            AppOpsManager.MODE_ALLOWED, // READ_CELL_BROADCASTS
            AppOpsManager.MODE_ERRORED, // MOCK_LOCATION
            AppOpsManager.MODE_ALLOWED, // READ_EXTERNAL_STORAGE
            AppOpsManager.MODE_ALLOWED, // WRITE_EXTERNAL_STORAGE
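Review bot: The storage entries at the end of the second hunk, READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE, keep MODE_ALLOWED while every other op backing a restricted permission in these two hunks has its default changed, and nothing in the table says why storage is treated differently now that the commit makes it a soft restricted permission. The rendering drops the +/- markers, so I am reading the second line of each pair as the new value. A short comment on the two storage entries would stop the next editor from "fixing" them to match, e.g. `AppOpsManager.MODE_ALLOWED, // READ_EXTERNAL_STORAGE (soft restricted: narrowed by the storage sandbox, not by this default)`. That rationale is inferred from the commit description and should be confirmed against the mount-time logic, which is outside this hunk, as is the start and end of the default-mode array itself.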
+8 −9
@@ -679,13 +679,13 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
    public static final int PRIVATE_FLAG_IS_RESOURCE_OVERLAY = 1 << 28;

    /**
     * Value for {@link #privateFlags}: If {@code true} this app allows
     * shared/external storage media to be a sandboxed view that only contains
     * files owned by the app.
     * Value for {@link #privateFlags}: If {@code true} this app requests
     * full external storage access. The request may not be honored due to
     * policy or other reasons.
     *
     * @hide
     */
    public static final int PRIVATE_FLAG_ALLOW_EXTERNAL_STORAGE_SANDBOX = 1 << 29;
    public static final int PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE = 1 << 29;

    /**
     * Value for {@link #privateFlags}: whether this app is pre-installed on the
@@ -723,7 +723,7 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
            PRIVATE_FLAG_HAS_FRAGILE_USER_DATA,
            PRIVATE_FLAG_ALLOW_CLEAR_USER_DATA_ON_FAILED_RESTORE,
            PRIVATE_FLAG_ALLOW_AUDIO_PLAYBACK_CAPTURE,
            PRIVATE_FLAG_ALLOW_EXTERNAL_STORAGE_SANDBOX,
            PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE,
            PRIVATE_FLAG_ODM,
    })
    @Retention(RetentionPolicy.SOURCE)
@@ -1858,13 +1858,12 @@ public class ApplicationInfo extends PackageItemInfo implements Parcelable {
    }

    /**
     * If {@code true} this app allows shared/external storage media to be a
     * sandboxed view that only contains files owned by the app.
     * If {@code true} this app requested to run in the legacy storage mode.
     *
     * @hide
     */
    public boolean isExternalStorageSandboxAllowed() {
        return (privateFlags & PRIVATE_FLAG_ALLOW_EXTERNAL_STORAGE_SANDBOX) != 0;
    public boolean hasRequestedLegacyExternalStorage() {
        return (privateFlags & PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE) != 0;
    }

    private boolean isAllowedToUseHiddenApis() {
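Review bot: The javadoc on hasRequestedLegacyExternalStorage() in the third hunk says only that the app requested legacy storage, while the flag it reads, PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE in the first hunk, documents that the request may not be honored. A caller reading the accessor alone could take a true result as the app's effective storage mode, which is the wrong thing to gate access on. Suggest carrying the caveat over: `* If {@code true} this app requested to run in the legacy storage mode. The request may not be honored due to policy or other reasons, so this is not the app's effective storage mode.`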
+7 −6
@@ -1505,13 +1505,14 @@ public class PackageInstaller {
         * allows the app to hold that permission and whitelisting a soft restricted
         * permission allows the app to hold the permission in its full, unrestricted form.
         *
         * <p>The whitelisted permissions would be applied as the {@link
         * PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER installer whitelist}.
         *
         * @param permissions The restricted permissions to whitelist. Pass
         * {@link #RESTRICTED_PERMISSIONS_ALL} to whitelist all permissions and
         * <code>null</code> to clear. If you want to whitelist some permissions
         * (not all) the list must contain at least one permission.
         * <p> Permissions can also be immutably restricted which means that the whitelist
         * state of the permission can be determined only at install time and cannot be
         * changed on updated or at a later point via the package manager APIs.
         *
         * <p>The whitelisted non-immutably restricted permissions would be added to
         * the {@link PackageManager#FLAG_PERMISSION_WHITELIST_INSTALLER installer whitelist}
         * while the immutably restricted permissions would be added to the {@link
         * PackageManager#FLAG_PERMISSION_WHITELIST_SYSTEM system whitelist}
         *
         * @see PackageManager#addWhitelistedRestrictedPermission(String, String, int)
         * @see PackageManager#removeWhitelistedRestrictedPermission(String, String, int)
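Review bot: The immutably-restricted paragraph added to this javadoc has a wording slip, `changed on updated or at a later point`, which should read `changed on update or at a later point via the package manager APIs.`. The {@code @param permissions} block appears next to the rewritten paragraphs without +/- markers, so this rendering does not show whether it was kept; worth confirming the parameter is still documented after the restructuring. The method this javadoc belongs to starts after the hunk.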
+3 −3
@@ -3700,9 +3700,9 @@ public class PackageParser {
        }

        if (sa.getBoolean(
                R.styleable.AndroidManifestApplication_allowExternalStorageSandbox,
                owner.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.Q)) {
            ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_ALLOW_EXTERNAL_STORAGE_SANDBOX;
                R.styleable.AndroidManifestApplication_requestLegacyExternalStorage,
                owner.applicationInfo.targetSdkVersion < Build.VERSION_CODES.Q)) {
            ai.privateFlags |= ApplicationInfo.PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE;
        }

        ai.maxAspectRatio = sa.getFloat(R.styleable.AndroidManifestApplication_maxAspectRatio, 0);
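Review bot: The default passed to sa.getBoolean on the new side, `owner.applicationInfo.targetSdkVersion < Build.VERSION_CODES.Q`, means a Q-or-later app gets PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE only by setting the attribute explicitly while pre-Q apps get it without asking, and nothing at this site records that the flag is only the request, not the decision. The commit description says the mount path decides whether the request is honored, so a comment here would keep parse-time readers from treating the flag as an access grant, e.g. `// Records the manifest request only; whether legacy (full) external storage is actually granted is decided when storage is mounted for the app.` That dependency on the mount code is taken from the commit description, not from this hunk. The enclosing method starts and ends outside the hunk.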