Merge "Don't allow non-admins to adopt sd card for internal storage" into mnc-dev

author: Amith Yamasani <yamasani@google.com> 2015-06-30 23:00:06 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2015-06-30 23:00:08 +0000
commit: 2b64ec470c7f18a2e8995d6131d99c58849f9938 (patch)
tree: 5dd09cd0b0efb334d10c49e0e7a222c80607d47a
parent: 081ddbe296f6cfd29b4576ed20c8559f8aeae025 (diff)
parent: 462ac3a2aa5e1c974d056dc7221805e2b8ac7823 (diff)
download: frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.zip
frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.tar.gz
frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.tar.bz2
2 files changed, 27 insertions, 0 deletions
diff --git a/core/java/android/os/UserManager.java b/core/java/android/os/UserManager.java
index 6384af3..b104135 100644
--- a/core/java/android/os/UserManager.java
+++ b/core/java/android/os/UserManager.java
@@ -572,6 +572,16 @@ public class UserManager {
     }
 
     /**
+     * @hide
+     * Returns whether the caller is running as an admin user. There can be more than one admin
+     * user.
+     */
+    public boolean isAdminUser() {
+        UserInfo user = getUserInfo(UserHandle.myUserId());
+        return user != null ? user.isAdmin() : false;
+    }
+
+    /**
      * Used to check if the user making this call is linked to another user. Linked users may have
      * a reduced number of available apps, app restrictions and account restrictions.
      * @return whether the user making this call is a linked user
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index 45a7767..b4fa46d 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -1202,6 +1202,21 @@ class MountService extends IMountService.Stub
         }
     }
 
+    private void enforceAdminUser() {
+        UserManager um = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
+        final int callingUserId = UserHandle.getCallingUserId();
+        boolean isAdmin;
+        long token = Binder.clearCallingIdentity();
+        try {
+            isAdmin = um.getUserInfo(callingUserId).isAdmin();
+        } finally {
+            Binder.restoreCallingIdentity(token);
+        }
+        if (!isAdmin) {
+            throw new SecurityException("Only admin users can adopt sd cards");
+        }
+    }
+
     /**
      * Constructs a new MountService instance
      *
@@ -1537,6 +1552,7 @@ class MountService extends IMountService.Stub
     @Override
     public void partitionPrivate(String diskId) {
         enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
         waitForReady();
 
         final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
@@ -1551,6 +1567,7 @@ class MountService extends IMountService.Stub
     @Override
     public void partitionMixed(String diskId, int ratio) {
         enforcePermission(android.Manifest.permission.MOUNT_FORMAT_FILESYSTEMS);
+        enforceAdminUser();
         waitForReady();
 
         final CountDownLatch latch = findOrCreateDiskScanLatch(diskId);
author	Amith Yamasani <yamasani@google.com>	2015-06-30 23:00:06 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2015-06-30 23:00:08 +0000
commit	2b64ec470c7f18a2e8995d6131d99c58849f9938 (patch)
tree	5dd09cd0b0efb334d10c49e0e7a222c80607d47a
parent	081ddbe296f6cfd29b4576ed20c8559f8aeae025 (diff)
parent	462ac3a2aa5e1c974d056dc7221805e2b8ac7823 (diff)
download	frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.zip frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.tar.gz frameworks_base-2b64ec470c7f18a2e8995d6131d99c58849f9938.tar.bz2