Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d8451a74 authored by Dipankar Bhardwaj's avatar Dipankar Bhardwaj
Browse files

Clear calling identity before call to UserManagerService 

UserManagerService requires calling uid to have query or create users permission to fetch user info. When a volume is ejected from DocumentsUI, ejectRoot call is triggered to ExternalStorageProvider which further calls into StorageManagerService unmount. StorageManagerService checks for permission "android.permission.MOUNT_UNMOUNT_FILESYSTEMS" which ExternalStorageProvider has. For further call into UserManagerService, ExternalStorageProvider's identity is used, which fails as ExternalStorageProvider does not CREATE_USERS or QUERY_USERS permission. Call from StorageManagerService should be made with its own identity in this case given unmount() does not require caller to hold QUERY/CREATE user permission.

Bug: 209931583
Bug: 267955224
Change-Id: I9d00c7892b75345e1c4e83f1ec819fd9f4c36922
Test: locally
parent fc7c11e0

services/core/java/com/android/server/storage/StorageSessionController.java

+12 −10
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ import android.content.pm.ProviderInfo; 
import android.content.pm.ResolveInfo;

import android.content.pm.ServiceInfo;

import android.content.pm.UserInfo;

import android.os.Binder;

import android.os.IVold;

import android.os.ParcelFileDescriptor;

import android.os.RemoteException;
@@ -246,17 +247,18 @@ public final class StorageSessionController { 
     * Call {@link #onVolumeRemove} to remove the connection without waiting for exit

     */

    public void onVolumeUnmount(VolumeInfo vol) {

        String sessionId = vol.getId();

        final long token = Binder.clearCallingIdentity();

        try {

            StorageUserConnection connection = onVolumeRemove(vol);



            Slog.i(TAG, "On volume unmount " + vol);

            if (connection != null) {

            String sessionId = vol.getId();



            try {

              connection.removeSessionAndWait(sessionId);

            }

        } catch (ExternalStorageServiceException e) {

            Slog.e(TAG, "Failed to end session for vol with id: " + sessionId, e);

            }

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }