Commit db9e238e authored by Samiul Islam, committed by Mohammad Samiul Islam

Disallow external storage access without restricting other api calls

Currently, the sandbox cannot call any APIs from StorageManager that check
that the calling package has the same uid as the calling uid. This CL fixes
that by using the pm.isSameApp() API.

Additionally, since Environment.java fetches the initial application
context, the uid for that does not fall under the sandbox uid range. It
falls under app uid range. We fix the problem by checking for
PROPERTY_NO_APP_DATA_STORAGE flag on the application.

Bug: 228424287
Test: atest CtsSdkSandboxInprocessTests (see ag/17657742)
Change-Id: I8d9fca369cfbed47b40a42a44a40ff73acb712ec
parent c9bf2574
+12 −0
@@ -1361,6 +1361,18 @@ public class Environment {
            return false;
        }

        // Apps with PROPERTY_NO_APP_DATA_STORAGE should not be allowed in scoped storage
        final String packageName = AppGlobals.getInitialPackage();
        try {
            final PackageManager.Property noAppStorageProp = packageManager.getProperty(
                    PackageManager.PROPERTY_NO_APP_DATA_STORAGE, packageName);
            if (noAppStorageProp != null && noAppStorageProp.getBoolean()) {
                return false;
            }
        } catch (PackageManager.NameNotFoundException ignore) {
            // Property not defined for the package
        }

        boolean defaultScopedStorage = Compatibility.isChangeEnabled(DEFAULT_SCOPED_STORAGE);
        boolean forceEnableScopedStorage = Compatibility.isChangeEnabled(
                FORCE_ENABLE_SCOPED_STORAGE);
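Review bot: The value from `AppGlobals.getInitialPackage()` is passed straight into `packageManager.getProperty(...)` with no null check, and the only exception handled is `NameNotFoundException`. If the initial package can be unset at this point, please guard for it explicitly before the lookup and decide which way that case should go. Related: the `catch` block falls through to the `DEFAULT_SCOPED_STORAGE` / `FORCE_ENABLE_SCOPED_STORAGE` logic, so a failed lookup is treated the same as "property absent" and the restriction is not applied. Since this property is what keeps the sandbox out of external storage, the comment in the catch should say that falling through is intended, or the branch should return false if a lookup failure ought to deny access.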
+1 −13
@@ -3055,19 +3055,7 @@ class StorageManagerService extends IStorageManager.Stub
            return true;
        }

        if (packageName == null) {
            return false;
        }

        final int packageUid = mPmInternal.getPackageUid(packageName,
                PackageManager.MATCH_DEBUG_TRIAGED_MISSING, UserHandle.getUserId(callerUid));

        if (DEBUG_OBB) {
            Slog.d(TAG, "packageName = " + packageName + ", packageUid = " +
                    packageUid + ", callerUid = " + callerUid);
        }

        return callerUid == packageUid;
        return mPmInternal.isSameApp(packageName, callerUid, UserHandle.getUserId(callerUid));
    }

    @Override
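Review bot: The removed block had an explicit `if (packageName == null) return false;` before comparing uids, and the replacement `mPmInternal.isSameApp(packageName, callerUid, ...)` now receives `packageName` unchecked. Please confirm `isSameApp` returns false for a null package name, or keep the null guard in front of the call, since this method is the caller-identity check for StorageManager APIs. Two smaller points: the old lookup passed `PackageManager.MATCH_DEBUG_TRIAGED_MISSING` and the new call passes no flags, so it is worth stating that the matching behaviour is equivalent; and the `DEBUG_OBB` log of `packageName`, `packageUid` and `callerUid` is gone, which removes the only trace of why a caller was rejected. A short comment noting that the call is what allows a sandbox uid to match its app's package would also help future readers.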