Enforce READ_EXTERNAL through Settings.Secure. (f5385771) · Commits · e / os / android_frameworks_base

core/java/android/content/pm/PackageManager.java

+0 −5

Original line number	Diff line number	Diff line
		@@ -23,7 +23,6 @@ import android.content.Context;
		import android.content.Intent;
		import android.content.IntentFilter;
		import android.content.IntentSender;
		import android.content.pm.ManifestDigest;
		import android.content.res.Resources;
		import android.content.res.XmlResourceParser;
		import android.graphics.drawable.Drawable;
		@@ -1090,10 +1089,6 @@ public abstract class PackageManager {
		public static final String EXTRA_VERIFICATION_INSTALL_FLAGS
		= "android.content.pm.extra.VERIFICATION_INSTALL_FLAGS";

		/** {@hide} */
		// TODO: enable this for userdebug and eng builds; see 6389556
		public static final boolean DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE = false;

		/**
		* Retrieve overall information about an application package that is
		* installed on the system.

core/java/android/provider/Settings.java

+4 −0

Original line number	Diff line number	Diff line
		@@ -4253,6 +4253,10 @@ public final class Settings {
		/** Timeout for package verification. {@hide} */
		public static final String PACKAGE_VERIFIER_TIMEOUT = "verifier_timeout";

		/** {@hide} */
		public static final String
		READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT = "read_external_storage_enforced_default";

		/**
		* Duration in milliseconds before pre-authorized URIs for the contacts
		* provider should expire.

services/java/com/android/server/pm/PackageManagerService.java

+10 −3

Original line number	Diff line number	Diff line
		@@ -98,6 +98,7 @@ import android.os.ServiceManager;
		import android.os.SystemClock;
		import android.os.SystemProperties;
		import android.os.UserId;
		import android.provider.Settings.Secure;
		import android.security.SystemKeyStore;
		import android.util.DisplayMetrics;
		import android.util.EventLog;
		@@ -9259,7 +9260,8 @@ public class PackageManagerService extends IPackageManager.Stub {
		mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
		if (READ_EXTERNAL_STORAGE.equals(permission)) {
		synchronized (mPackages) {
		if (mSettings.mReadExternalStorageEnforced != enforced) {
		if (mSettings.mReadExternalStorageEnforced == null
		\|\| mSettings.mReadExternalStorageEnforced != enforced) {
		mSettings.mReadExternalStorageEnforced = enforced;
		mSettings.writeLPr();

		@@ -9284,7 +9286,6 @@ public class PackageManagerService extends IPackageManager.Stub {

		@Override
		public boolean isPermissionEnforced(String permission) {
		mContext.enforceCallingOrSelfPermission(GRANT_REVOKE_PERMISSIONS, null);
		synchronized (mPackages) {
		return isPermissionEnforcedLocked(permission);
		}
		@@ -9292,7 +9293,13 @@ public class PackageManagerService extends IPackageManager.Stub {

		private boolean isPermissionEnforcedLocked(String permission) {
		if (READ_EXTERNAL_STORAGE.equals(permission)) {
		if (mSettings.mReadExternalStorageEnforced != null) {
		return mSettings.mReadExternalStorageEnforced;
		} else {
		// if user hasn't defined, fall back to secure default
		return Secure.getInt(mContext.getContentResolver(),
		Secure.READ_EXTERNAL_STORAGE_ENFORCED_DEFAULT, 0) != 0;
		}
		} else {
		return true;
		}

services/java/com/android/server/pm/Settings.java

+2 −3

Original line number	Diff line number	Diff line
		@@ -111,7 +111,7 @@ final class Settings {
		int mInternalSdkPlatform;
		int mExternalSdkPlatform;

		boolean mReadExternalStorageEnforced = PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE;
		Boolean mReadExternalStorageEnforced;

		/** Device identity for the purpose of package verification. */
		private VerifierDeviceIdentity mVerifierDeviceIdentity;
		@@ -1147,8 +1147,7 @@ final class Settings {
		serializer.endTag(null, "verifier");
		}

		if (mReadExternalStorageEnforced
		!= PackageManager.DEFAULT_ENFORCE_READ_EXTERNAL_STORAGE) {
		if (mReadExternalStorageEnforced != null) {
		serializer.startTag(null, TAG_READ_EXTERNAL_STORAGE);
		serializer.attribute(
		null, ATTR_ENFORCEMENT, mReadExternalStorageEnforced ? "1" : "0");